International Security Research Conferences


The following pages provide highlights of Science of Security-related research presented at the following international conferences:

  • 10th International Conference on Security and Privacy in Communication Networks - Beijing, China
  • 15th International Conference on Information & Communications Security (ICICS 2013) - Beijing, China
  • 2014 Iran Workshop on Communication and Information Theory (IWCIT) - Iran
  • 6th International Conference on New Technologies, Mobility & Security (NTMS) - Dubai
  • ACM CHI Conference on Human Factors in Computing Systems - Toronto, Canada
  • China Summit & International Conference on Signal and Information Processing (ChinaSIP) - Xi'an, China
  • Computer Communication and Informatics (ICCCI) - Coimbatore, India
  • Conference on Advanced Communication Technology - Korea International
  • Conferences on Service Oriented System Engineering, 2014, Oxford, U.K.
  • International Conferences: Dependable Systems and Networks (2014) - USA
  • International Science of Security Research: China Communications 2013
  • International Science of Security Research: China Communications 2014

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.


10th International Conference on Security and Privacy in Communication Networks - Beijing, China


10th International Conference on Security and Privacy in Communication Networks, September 24-26, 2014, Beijing, China
URL: http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=6120120

Accepted Papers:

  • Quanwei Cai, Jingqiang Lin, Fengjun Li, Qiongxiao Wang and Daren Zha.
    EFS: Efficient and Fault-Scalable Byzantine Fault Tolerant Systems against Faulty Clients
  • Qianying Zhang, Shijun Zhao and Dengguo Feng.
    Improving the Security of the HMQV Protocol using Tamper-Proof Hardware
  • Jialong Zhang, Jayant Notani and Guofei Gu.
    Characterizing Google Hacking: A First Large-Scale Quantitative Study
  • Yinzhi Cao, Chao Yang, Vaibhav Rastogi, Yan Chen and Guofei Gu.
    Abusing Browser Address Bar for Fun and Profit - An Empirical Investigation of Add-on Cross Site Scripting Attacks
  • Tilo Muller and Christopher Kugler.
    SCADS: Separated Control- and Data-Stack
  • Ziyu Wang and Jiahai Yang.
    A New Anomaly Detection Method Based on IGTE and IGFE
  • Byungho Min and Vijay Varadharajan.
    A Simple and Novel Technique for Counteracting Exploit Kits
  • Xiaoyan Sun, Jun Dai, Anoop Singhal and Peng Liu.
    Inferring the Stealthy Bridges between Enterprise Network Islands in Cloud Using Cross-Layer Bayesian Networks
  • Boyang Wang, Yantian Hou, Ming Li, Haitao Wang, Hui Li and Fenghua Li.
    Tree-based Multi-Dimensional Range Search on Encrypted Data with Enhanced Privacy
  • Duohe Ma.
    Defending Blind DDoS Attack on SDN Based on Moving Target Defense
  • Issa Khalil, Zuochao Dou and Abdallah Khreishah.
    TPM-based Authentication Mechanism for Apache Hadoop
  • Max Suraev.
    Implementing an affordable and effective GSM IMSI catcher with 3G authentication
  • Tayyaba Zeb, Abdul Ghafoor, Awais Shibli and Muhammad Yousaf.
    A Secure Architecture for Inter-Cloud Virtual Machine Migration
  • Nicolas Van Balen and Haining Wang.
    GridMap: Enhanced Security in Cued-Recall Graphical Passwords
  • Yi-Ting Chiang, Tsan-Sheng Hsu, Churn-Jung Liau, Yun-Ching Liu, Chih-Hao Shen, Da-Wei Wang and Justin Zhan.
    An Information-Theoretic Approach for Secure Protocol Composition
  • Haoyu Ma, Xinjie Ma, Weijie Liu, Zhipeng Huang, Debin Gao and Chunfu Jia.
    Control Flow Obfuscation using Neural Network to Fight Concolic Testing
  • Qinglong Zhang, Zongbin Liu, Quanwei Cai and Ji Xiang.
    TST: A New Randomness Test Method Based on Golden Distribution
  • Sarmad Ullah Khan.
    An Authentication and Key Management Scheme for Heterogeneous Sensor Networks
  • Shen Su and Beichuan Zhang.
    Detecting concurrent prefix hijack events online
  • Anna Squicciarini, Dan Lin, Smitha Sundareswaran and Jingwei Li.
    Policy Driven Node Selection in MapReduce
  • Vincenzo Gulisano, Magnus Almgren and Marina Papatriantafilou.
    METIS: a Two-Tier Intrusion Detection System for Advanced Metering Infrastructures
  • Chen Cao, Yuqing Zhang, Qixu Liu and Kai Wang.
    Function Escalation Attack
  • Eirini Karapistoli, Panagiotis Sarigiannidis and Anastasios Economides.
    Wormhole Attack Detection in Wireless Sensor Networks based on Visual Analytics
  • Binh Vo and Steven Bellovin.
    Anonymous Publish-Subscribe Systems
  • Jeroen Massar, Ian Mason, Linda Briesemeister and Vinod Yegneswaran.
    JumpBox -- A Seamless Browser Proxy for Tor Pluggable Transports
  • Sushama Karumanchi, Jingwei Li and Anna Squicciarini.
    Securing Resource Discovery in Content Hosting Networks
  • Hugo Gonzalez, Natalia Stakhanova and Ali Ghorbani.
    DroidKin: Lightweight Detection of Android Apps Similarity

Accepted Short Papers

  • Yazhe Wang, Mingming Hu and Chen Li.
    UAuth: A Strong Authentication Method from Personal Devices to Multi-accounts
  • Chengcheng Shao, Liang Chen, Shuo Fan and Xinwen Jiang.
    Social Authentication Identity: An Alternate to Internet Real Name System
  • Xi Xiao, Xianni Xiao, Yong Jiang and Qing Li.
    Detecting Mobile Malware with TMSVM
  • Yosra Ben Mustapha, Herve Debar and Gregory Blanc.
    Policy Enforcement Point Model
  • Zhangjie Fu, Jiangang Shu, Xingming Sun and Naixue Xiong.
    An Effective Search Scheme based on Semantic Tree over Encrypted Cloud Data Supporting Verifiability
  • Pieter Burghouwt, Marcel E.M. Spruit and Henk J. Sips.
    Detection of Botnet Command and Control Traffic by the Identification of Untrusted Destinations
  • Jingwei Li, Dan Lin, Anna Squicciarini and Chunfu Jia.
    STRE: Privacy-Preserving Storage and Retrieval over Multiple Clouds
  • Lautaro Dolberg, Quentin Jerome, Jerome Francois, Radu State and Thomas Engel.
    RAMSES: Revealing Android Malware through String Extraction and Selection
  • Kan Chen, Peidong Zhu and Yueshan Xiong.
    Keep the Fakes Out: Defending against Sybil Attack in P2P systems
  • Zhang Lulu, Yongzheng Zhang and Tianning Zang.
    Detecting Malicious Behaviors in Repackaged Android Apps with Loosely-coupled Payloads Filtering Scheme
  • Yuling Luo, Junxiu Liu, Jinjie Bi and Senhui Qiu.
    Hardware Implementation of Cryptographic Hash Function based on Spatiotemporal Chaos
  • Swarup Chandra, Zhiqiang Lin, Ashish Kundu and Latifur Khan.
    A Systematic Study of the Covert-Channel Attacks in Smartphones
  • Sami Zhioua, Adnene Ben Jabeur, Mahjoub Langar and Wael Ilahi.
    Detecting Malicious Sessions through Traffic Fingerprinting using Hidden Markov Models
  • Eslam Abdallah, Mohammad Zulkernine and Hossam Hassanein.
    Countermeasures for Mitigating ICN Routing Related DDoS Attacks
  • Ding Wang and Ping Wang.
    On the Usability of Two-Factor Authentication
  • Bhaswati Deka, Ryan Gerdes, Ming Li and Kevin Heaslip.
    Friendly Jamming for Secure Localization in Vehicular Transportation
  • Wenjun Fan.
    Catering Honeypots Creating Based on the Predefined Honeypot Context

(ID#:14-2903)




15th International Conference on Information & Communications Security (ICICS 2013) - Beijing, China


15th International Conference on Information & Communications Security (ICICS 2013)
20-22 November 2013, Beijing, China

Defending against heap overflow by using randomization in nested virtual clusters
Chee Meng Tey and Debin Gao
School of Information Systems, Singapore Management University

VTOS: Research on Methodology of "Light-weight" Formal Design and Verification for Microkernel OS
Zhenjiang Qian, Hao Huang and Fangmin Song
Department of Computer Science and Technology, Nanjing University

XLRF: A Cross-Layer Intrusion Recovery Framework for Damage Assessment and Recovery Plan Generation
Eunjung Yoon and Peng Liu
Pennsylvania State University

PRIDE: Practical Intrusion Detection in Resource Constrained Wireless Mesh Networks
Amin Hassanzadeh, Zhaoyan Xu, Radu Stoleru, Guofei Gu and Michalis Polychronakis
Texas A&M University; Columbia University

Fingerprint Embedding: A Proactive Strategy of Detecting Timing Channels
Jing Wang, Peng Liu, Limin Liu, Le Guan and Jiwu Jing
State Key Laboratory of Information Security, Institute of Information Engineering, CAS; University of Chinese Academy of Sciences; Pennsylvania State University

Type-Based Analysis of Protected Storage in the TPM
Jianxiong Shao, Dengguo Feng and Yu Qin
Institute of Software, Chinese Academy of Sciences

Remote Attestation Mechanism for User Centric Smart Cards using Pseudorandom Number Generators
Raja Naeem Akram, Konstantinos Markantonakis and Keith Mayes
Cyber Security Lab, Department of Computer Science, University of Waikato; ISG Smart card Centre, Royal Holloway, University of London

Direct Construction of Signcryption Tag-KEM from Standard Assumptions in the Standard Model
Xiangxue Li, Haifeng Qian, Yu Yu, Jian Weng and Yuan Zhou
Department of Computer Science and Technology, East China Normal University;
National Engineering Laboratory for Wireless Security, Xi'an University of Posts and Telecommunications;
Institute for Interdisciplinary Information Sciences, Tsinghua University;
Department of Computer Science, Jinan University;
Network Emergency Response Technical Team/Coordination Center, China

Efficient eCK-secure Authenticated Key Exchange Protocols in the Standard Model
Zheng Yang
Horst Goertz Institute for IT Security

Time-Stealer: A Stealthy Threat for Virtualization Scheduler and Its Countermeasures
Hong Rong, Ming Xian, Huimei Wang and Jiangyong Shi
State Key Laboratory of Complex Electromagnetic Environment Effects on Electronics and Information System, National University of Defense Technology

Detecting Malicious Co-resident Virtual Machines Indulging in Load-Variation Attacks
Smitha Sundareswaran and Anna Squicciarini
College of Information Sciences and Technology, Pennsylvania State University

A Covert Channel Using Event Channel State on Xen Hypervisor
Qingni Shen, Mian Wan, Zhuangzhuang Zhang, Zhi Zhang, Sihan Qing and Zhonghai Wu
Peking University;

Comprehensive Evaluation of AES Dual Ciphers as a Side-Channel Countermeasure
Amir Moradi and Oliver Mischke
Horst Gortz Institute for IT-Security, Ruhr University Bochum

EMD-Based Denoising for Side-Channel Attacks and Relationships between the Noises Extracted with Different Denoising Methods
Mingliang Feng, Yongbin Zhou and Zhenmei Yu
State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences; School of Information Technology, Shandong Women's University

Defeat Information Leakage from Browser Extensions Via Data Obfuscation
Wentao Chang and Songqing Chen
Department of Computer Science, George Mason University

Rating Web Pages Using Page-Transition Evidence
Jian Mao, Xinshu Dong, Pei Li, Tao Wei and Zhenkai Liang
School of Electronic and Information Engineering, BeiHang University; School of Computing, National University of Singapore; Institute of Computer Science and Technology, Peking University

OSNGuard: Detecting Worms with User Interaction Traces in Online Social Networks
Liang He, Dengguo Feng, Purui Su, Ling-Yun Ying, Yi Yang, Huafeng Huang and Huipeng Fang
Institute of Software, Chinese Academy of Sciences

Attacking and Fixing the CS Mode
Han Sui, Wenling Wu, Liting Zhang and Peng Wang
Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences; Data Assurance and Communication Security, Institute of Information Engineering, Chinese Academy of Sciences

Integral Attacks on Reduced-Round PRESENT
Shengbao Wu and Mingsheng Wang
Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences; State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences

Computationally Efficient Expressive Key-Policy Attribute Based Encryption Schemes with Constant-Size Ciphertext
Y. Sreenivasa Rao and Ratna Dutta
Indian Institute of Technology Kharagpur

Privacy-Preserving Decentralized Ciphertext-Policy Attribute-Based Encryption with Fully Hidden Access Structure
Huiling Qian, Jiguo Li and Yichen Zhang
College of Computer and Information Engineering, Hohai University

Accelerating AES in JavaScript with WebGL
Yang Yang, Jiawei Zhu, Qiuxiang Dong, Guan Zhi and Zhong Chen
Peking University

Analysis of Multiple Checkpoints in Non-perfect and Perfect Rainbow Tradeoff Revisited
Wenhao Wang and Dongdai Lin
State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences

Efficient Implementation of NIST-Compliant Elliptic Curve Cryptography for Sensor Nodes
Zhe Liu, Hwajeong Seo, Johann Groszschaedl and Howon Kim
University of Luxembourg; Pusan National University

A Secure and Efficient Scheme for Cloud Storage Against Eavesdropper
Jian Liu, Huimei Wang, Ming Xian and Kun Huang
State Key Laboratory of Complex Electromagnetic Environment Effects on Electronics and Information System, National University of Defense Technology

Secure and Private Outsourcing of Shape-Based Feature Extraction
Shumiao Wang, Mohamed Nassar, Mikhail Atallah and Qutaibah Malluhi
Purdue University; Qatar University

Toward Generic Method for Server-Aided Cryptography
Sebastien Canard, Iwen Coisel, Julien Devigne, Cecilia Gallais, Thomas Peters and Olivier Sanders
Orange Labs; JRC; Universite de Rennes; Universite catholique de Louvain

Generation and Tate Pairing Computation of Ordinary Elliptic Curves with Embedding Degree One
Zhi Hu, Lin Wang, Maozhi Xu and Guoliang Zhang
Beijing International Center for Mathematical Research, Peking University; Science and Technology on Communication Security Laboratory; LMAM, School of Mathematical Sciences, Peking University

Threshold Secret Image Sharing
Teng Guo, Feng Liu, Chuankun Wu, Chingnung Yang and Wen Wang
State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences; National Dong Hwa University

(ID#:14-2902)



2014 Iran Workshop on Communication and Information Theory (IWCIT) - Iran


This bibliography comes from another recently held international conference to highlight Science of Security research being conducted globally. This set is from the 2014 Iran Workshop on Communication and Information Theory (IWCIT), held 7-8 May 2014.

  • Afshar, N.; Akhbari, B.; Aref, M.R., "Random Coding Bound For E-Capacity Region Of The Relay Channel With Confidential Messages," Communication and Information Theory (IWCIT), 2014 Iran Workshop on, pp.1,6, 7-8 May 2014. doi: 10.1109/IWCIT.2014.6842481 We study a relay channel with confidential messages (RCC), which involves a sender, a receiver and a relay. In the RCC, a common information must be transmitted to both a receiver and a relay and also a private information to the intended receiver, while keeping the relay as ignorant of it as possible. The level of ignorance of the relay rather than the private message is measured by the equivocation rate. We consider two error probability exponents (reliabilities) E1, E2 of exponentially decrease of error probability of the receiver decoder and the relay decoder, respectively. For E = (E1, E2), the E-capacity region is the set of all E-achievable rates of codes with given reliability E. We derive a random coding bound for E-capacity region of the RCC using block Markov strategies over a fixed number of blocks. We also show that, when E tends to zero, our obtained inner bound for E-capacity region converges to the inner bound for the capacity region of the RCC obtained by Y. Oohama and S. Watanabe. Keywords: Markov processes; codecs; error statistics; radio receivers; random codes; telecommunication channels; E-achievable rates; E-capacity region; block Markov strategies; confidential messages; equivocation rate; error probability; random coding bound; receiver decoder; relay channel; relay decoder; Channel coding; Decoding; Error probability; Receivers; Relays; Vectors; E-capacity; effective rate; equivocation rate; error probability exponent; method of types; relay channel with confidential messages (ID#:14-3067) URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6842481&isnumber=6842477
  • Aguerri, I.E.; Varasteh, M.; Gunduz, D., "Zero-delay Joint Source-Channel Coding," Communication and Information Theory (IWCIT), 2014 Iran Workshop on, pp.1,6, 7-8 May 2014. doi: 10.1109/IWCIT.2014.6842482 In zero-delay joint source-channel coding each source sample is mapped to a channel input, and the samples are directly estimated at the receiver based on the corresponding channel output. Despite its simplicity, uncoded transmission achieves the optimal end-to-end distortion performance in some communication scenarios, significantly simplifying the encoding and decoding operations, and reducing the coding delay. Three different communication scenarios are considered here, for which uncoded transmission is shown to achieve either optimal or near-optimal performance. First, the problem of transmitting a Gaussian source over a block-fading channel with block-fading side information is considered. In this problem, uncoded linear transmission is shown to achieve the optimal performance for certain side information distributions, while separate source and channel coding fails to achieve the optimal performance. Then, uncoded transmission is shown to be optimal for transmitting correlated multivariate Gaussian sources over a multiple-input multiple-output (MIMO) channel in the low signal to noise ratio (SNR) regime. Finally, motivated by practical systems a peak-power constraint (PPC) is imposed on the transmitter's channel input. Since linear transmission is not possible in this case, nonlinear transmission schemes are proposed and shown to perform very close to the lower bound. 
Keywords: Gaussian channels; MIMO communication; block codes; combined source-channel coding; decoding; delays; fading channels; radio receivers; radio transmitters; MIMO communication; PPC; SNR; block fading channel; correlated multivariate Gaussian source transmission; decoding; encoding delay reduction; end-to-end distortion performance; information distribution; multiple input multiple output channel; nonlinear transmission scheme; peak power constraint; receiver; signal to noise ratio; transmitter channel; uncoded linear transmission; zero delay joint source channel coding; Channel coding; Decoding; Joints; MIMO; Nonlinear distortion; Signal to noise ratio (ID#:14-3068) URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6842482&isnumber=6842477
  • Akhoondi, F.; Poursaeed, O.; Salehi, J.A., "Resource Allocation Using Fragmented-Spectrum Synchronous OFDM-CDMA In Cognitive Radio Networks," Communication and Information Theory (IWCIT), 2014 Iran Workshop on, pp.1,4, 7-8 May 2014. doi: 10.1109/IWCIT.2014.6842483 This paper presents a fragmented-spectrum synchronous OFDM-CDMA modulation and utilize it as secondary users modulation in a cognitive radio-based network to provide high data rate by efficiently exploiting available spectrum bands in a target spectral range while simultaneously offering multiple-access capability. In particular, given preexisting communications in the spectrum where the system is operating, a channel sensing and estimation method is used to obtain information of subcarrier availability. Given this information, some three-level codes are provided for emerging new cognitive radio users. Furthermore, analytical results of the system performance in a typical cognitive radio network are shown. Keywords: OFDM modulation; channel estimation; code division multiple access; cognitive radio; radio networks; resource allocation; available spectrum bands; channel estimation method; channel sensing; cognitive radio users; cognitive radio-based network; fragmented-spectrum synchronous OFDM-CDMA modulation; multiple-access capability; resource allocation; secondary users modulation; subcarrier availability; target spectral range; three-level codes; Conferences; Information theory; code-division multiple-access (CDMA); cognitive radio; fragmented-spectrum; multicarrier (MC); orthogonal frequency division multiplexing (OFDM) (ID#:14-3069) URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6842483&isnumber=6842477
  • Hassan, N.B.; Matinfar, M.D., "On The Implementation Aspects Of Adaptive Power Control Algorithms In Free-Space Optical Communications," Communication and Information Theory (IWCIT), 2014 Iran Workshop on, pp.1,5, 7-8 May 2014. doi: 10.1109/IWCIT.2014.6842485 Atmospheric turbulence has made a significant contribution in free-space optical (FSO) communications' areas of research. Assuming slowly varying channel, a feedback can be implemented to overcome the problem of fading. In comparison with all former published works, in this paper, we apply an algorithm to reduce average power consumption by regulating transmitter Erbium Doped Fiber Amplifier (EDFA) gain given channel state information (CSI). As a benchmark, a simple but non practical power control algorithm is introduced and discussed in this paper. To make the algorithm more practical, the quantized counterpart of the algorithm is introduced and its performance is compared to continuous one. It is shown by consuming 4dB more power than the continuous algorithm, we can simply implement a practical quantized power control algorithm. The statistical analysis of the proposed adaptive algorithms is performed, considering a complex model of the channel, including a low power transmitting laser, EDFA statistical model, channel fading, channel attenuations, receiver lens, photodetector model and all sources of optical and electrical noise. It is shown the proposed algorithm brings significant improvements over its non-adaptive counterpart. 
Keywords: adaptive control; erbium; gain control; optical communication equipment; optical fibre amplifiers; optical links; power control; telecommunication control; EDFA gain regulation; EDFA statistical model; adaptive algorithms; adaptive power control algorithm; atmospheric turbulence; average power consumption; channel attenuations; channel fading; channel state information; electrical noise; free-space optical communications; low power transmitting laser; optical noise; photodetector model; practical power control algorithm; receiver lens; transmitter erbium doped fiber amplifier; Atmospheric modeling; Bit error rate; Erbium-doped fiber amplifiers; Fading; Noise; Optical attenuators; Optical fiber communication; EDFA; Free-space optical communication; OOK modulation; adaptive transmission; atmospheric turbulence (ID#:14-3070) URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6842485&isnumber=6842477
  • Khani, A.E.; Seyfe, B., "A game-theoretic Approach Based On Pricing Scheme On The Two-User Gaussian Interference Channel," Communication and Information Theory (IWCIT), 2014 Iran Workshop on, pp.1,6, 7-8 May 2014. doi: 10.1109/IWCIT.2014.6842489 In this work, a non-cooperative power control game between two selfish users over a Gaussian interference channel is presented. In this proposed scenario each user is willing to maximize its utility under power constraints in transmitters. The outcome of this non-cooperative game is considered. We show that by choosing a proper price for each of the users, the outcome of the game is a unique, Pareto-efficient and proportional fair Nash Equilibrium (NE). Numerical Results confirm our analytical developments. Keywords: Gaussian channels; game theory; pricing; telecommunication control; NE; Pareto-efficient; game-theoretic approach; noncooperative power control game; power constraints; pricing scheme; proportional fair Nash equilibrium; transmitters; two-user gaussian interference channel; Games; Integrated circuits; Interference channels; Nash equilibrium; Power control; Pricing; Gaussian interference channel; Nash equilibrium; Pareto efficiency; game theory; proportional fairness (ID#:14-3071) URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6842489&isnumber=6842477
  • Emadi, M.J.; Khormuji, M.N.; Skoglund, M.; Aref, M.R., "The Generalized MAC With Partial State And Message Cooperation," Communication and Information Theory (IWCIT), 2014 Iran Workshop on, pp.1, 5, 7-8 May 2014. doi: 10.1109/IWCIT.2014.6842490 We consider a two-user state-dependent generalized multiple access channel (GMAC) with correlated channel state information (CSI). It is assumed that the CSI is partially known at each encoder noncausally. We first present an achievable rate region using multi-layer Gelfand-Pinsker coding with partial state and message cooperation between the encoders. We then specialize our result to a Gaussian GMAC with additive interferences that are known partially at each encoder. We show that the proposed scheme can remove the common part known at both encoders and also mitigate a significant part of the independent interference via state cooperation when the feedback links are strong. Thus, the proposed scheme can significantly improve the rate region as compared to that with only message cooperation. Keywords: Gaussian channels; channel coding; cooperative communication; multi-access systems; CSI; Gaussian GMAC; achievable rate region; additive interferences; correlated channel state information; encoder; feedback links; independent interference; message cooperation; multilayer Gelfand-Pinsker coding; state cooperation; two-user state-dependent generalized multiple access channel; Additives; Channel models; Decoding; Encoding; Interference; Receivers; Relays (ID#:14-3072) URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6842490&isnumber=6842477
  • Ghasemi-Goojani, S.; Behroozi, H., "Nested Lattice Codes For The State-Dependent Gaussian Interference Channel With A Common Message," Communication and Information Theory (IWCIT), 2014 Iran Workshop on, pp.1,6, 7-8 May 2014. doi: 10.1109/IWCIT.2014.6842492 In this paper, we consider the generalized point-to-point Additive White Gaussian Noise (AWGN) channel with state: The State-Dependent Gaussian Interference Channel (SD-GIC) with a common message in which two senders transmit a common message to two receivers. Transmitter 1 knows only message W1 while transmitter 2 in addition W1 also knows the channel state sequence non-causally. In this paper, we consider the strong interference case where the channel state has unbounded variance. First, we show that a scheme based on Gelfand-Pinsker coding cannot achieve the capacity within a constant gap for channel gains smaller than unity. In contrast, we propose a lattice-based transmission scheme that can achieve the capacity region in the high SNR regime. Our proposed scheme can achieve the capacity region to within 0.5 bit for all values of channel parameters. Keywords: AWGN channels; encoding; radio transmitters; radiofrequency interference; AWGN channel; Gelfand-Pinsker coding; SD-GIC; SNR regime; capacity region; channel parameters; channel state sequence; generalized point-to-point Additive White Gaussian Noise; lattice-based transmission scheme; nested lattice codes; state-dependent Gaussian interference channel; unbounded variance; Decoding; Encoding; Interference channels; Lattices; Receivers; Transmitters (ID#:14-3073) URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6842492&isnumber=6842477
  • Keykhosravi, K.; Mahzoon, M.; Gohari, A.; Aref, M.R., "From Source Model To Quantum Key Distillation: An Improved Upper Bound," Communication and Information Theory (IWCIT), 2014 Iran Workshop on, pp.1,6, 7-8 May 2014. doi: 10.1109/IWCIT.2014.6842497 In this paper we derive a new upper bound on the quantum key distillation capacity. This upper bound is an extension of the classical bound of Gohari and Anantharam on the source model problem. Our bound strictly improves the quantum extension of reduced intrinsic information bound of Christandl et al. Although this bound is proposed for quantum settings, it also serves as an upper bound for the special case of classical source model, and may improve the bound of Gohari and Anantharam. The problem of quantum key distillation is one in which two distant parties, Alice and Bob, and an adversary, Eve, have access to copies of quantum systems A, B, E respectively, prepared jointly according to an arbitrary state $\rho_{ABE}$. Alice and Bob desire to distill secret key bits that are secure from Eve, using only local quantum operations and authenticated public classical communication (LOPC). Keywords: quantum cryptography; LOPC; classical source model; improved upper bound; local quantum operation-authenticated public classical communication; quantum extension; quantum key distillation capacity; quantum setting; quantum systems; reduced intrinsic information bound; secret key bits; source model problem; Entropy; Equations; Mathematical model; Mutual information; Protocols; Security; Upper bound (ID#:14-3074) URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6842497&isnumber=6842477
  • Kuhestani, A.; Mohammadi, A., "Finite-SNR diversity-multiplexing tradeoff of linear dispersion coded MISO systems," Communication and Information Theory (IWCIT), 2014 Iran Workshop on, pp.1,4, 7-8 May 2014. doi: 10.1109/IWCIT.2014.6842499 In this paper, we study the diversity-multiplexing tradeoff (DMT) of linear dispersion (LD) coded multiple-input single-output (MISO) systems at finite-SNRs. The tradeoff curves provide a characterization of the achievable diversity and multiplexing gains for a given space-time block code (STBC) at SNRs encountered in practice. For this purpose, first, the outage probability is derived for a broad class of LD coded MISO channels in a simple and closed-form expression. Then, for the special case of the correlated Rayleigh fading MISO channel, the outage probability is presented in an exact closed-form. Using this expression, we present a closed-form solution for the DMT framework. Keywords: Rayleigh channels; probability; space-time block codes; DMT; LD coded MISO systems; STBC; closed-form expression; correlated Rayleigh fading MISO channel; finite-SNR diversity-multiplexing tradeoff; linear dispersion coded multiple-input single-output systems; outage probability; space-time block code; Diversity methods; Fading; Gain; MIMO; Multiplexing; Signal to noise ratio; Transmitting antennas; Diversity-Multiplexing Tradeoff (DMT); Linear Dispersion (LD) Code; Multiple-Input Single-Output (MISO) channel (ID#:14-3075) URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6842499&isnumber=6842477
  • Mirmohseni, M.; Papadimitratos, P., "Colluding Eavesdroppers In Large Cooperative Wireless Networks," Communication and Information Theory (IWCIT), 2014 Iran Workshop on, pp.1,6, 7-8 May 2014. doi: 10.1109/IWCIT.2014.6842500 Securing communication against non-colluding passive eavesdroppers has been extensively studied. Colluding eavesdroppers were considered for interference-limited large networks. However, collusion was not investigated for large cooperative networks. This paper closes this gap: we study the improvement the eavesdroppers achieve due to collusion in terms of the information leakage rate in a large cooperative network. We consider a dense network with n_l legitimate nodes, n_e eavesdroppers, and path loss exponent α 2. We show that if n_e^(2+2/α) (log n_e)^γ = o(n_l) holds, for some positive γ, then zero-cost secure communication is possible; i.e., n_e colluding eavesdroppers can be tolerated. This means that our scheme achieves unbounded secure aggregate rate, given a fixed total power constraint for the entire network. Keywords: computational complexity; cooperative communication; radio networks; radiofrequency interference; telecommunication security; eavesdropper collusion; eavesdropper improvement; fixed total power constraint; information leakage rate; interference-limited large cooperative wireless networks; legitimate nodes; path loss exponent; zero-cost secure communication; Aggregates; Array signal processing; Encoding; Relays; Transmitters; Vectors; Wireless networks (ID#:14-3076) URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6842500&isnumber=6842477
  • Mirzaee, M.; Akhlaghi, S., "Maximizing The Minimum Achievable Secrecy Rate In A Two-User Gaussian Interference Channel," Communication and Information Theory (IWCIT), 2014 Iran Workshop on, pp.1,5, 7-8 May 2014. doi: 10.1109/IWCIT.2014.6842501 This paper studies a two-user Gaussian interference channel in which two single-antenna sources aim at sending their confidential messages to the legitimate destinations such that each message should be kept confidential from non-intended receiver. Also, it is assumed that the direct channel gains are stronger than the interference channel gains and the noise variances at two destinations are equal. In this regard, under Gaussian code book assumption, the problem of secrecy rate balancing which aims at exploring the optimal power allocation policy at the sources in an attempt to maximize the minimum achievable secrecy rate is investigated, assuming each source is subject to a transmit power constraint. To this end, it is shown that at the optimal point, two secrecy rates are equal, hence, the problem is abstracted to maximizing the secrecy rate associated with one of destinations while the other destination is restricted to have the same secrecy rate. Accordingly, the optimum secrecy rate associated with the investigated max-min problem is analytically derived leading to the solution of secrecy rate balancing problem. Keywords: Gaussian channels; antennas; interference (signal); telecommunication security; Gaussian code book assumption; achievable secrecy rate; direct channel gains; interference channel gains; max-min problem; noise variances; nonintended receiver; optimal power allocation policy; secrecy rate balancing; single-antenna sources; transmit power constraint; two-user Gaussian interference channel; Array signal processing; Gain; Interference channels; Linear programming; Noise; Optimization; Transmitters; Achievable secrecy rate; Gaussian interference channel; Max-Min problem (ID#:14-3077) URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6842501&isnumber=6842477
  • Bidokhti, S.S.; Kramer, G., "An Application Of A Wringing Lemma To The Multiple Access Channel With Cooperative Encoders," Communication and Information Theory (IWCIT), 2014 Iran Workshop on, pp.1,4, 7-8 May 2014. doi: 10.1109/IWCIT.2014.6842504 The problem of communicating over a multiple access channel with cooperative encoders is studied. A new upper bound is derived on the capacity which is motivated by the regime of operation where the relays start to cooperate. The proof technique is based on a wringing lemma by Dueck and Ahlswede which was used for the multiple description problem with no excess rate. Previous upper bounds are shown to be loose in general, and may be improved. Keywords: codecs; cooperative communication; multi-access systems; cooperative encoders; multiple access channel; multiple description problem; wringing lemma; Adders; Artificial neural networks; Diamonds; Random variables; Relays; Standards; Upper bound (ID#:14-3078) URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6842504&isnumber=6842477
  • Salehkalaibar, S.; Aref, M.R., "An Achievable Scheme For The One-Receiver, Two-Eavesdropper Broadcast Channel," Communication and Information Theory (IWCIT), 2014 Iran Workshop on, pp.1,6, 7-8 May 2014. doi: 10.1109/IWCIT.2014.6842505 In this paper, we consider the secrecy of the one-receiver, two-eavesdropper Broadcast Channel (BC) with three degraded message sets. There is a three-receiver BC where the common message is decoded by all receivers. The first confidential message is decoded by the first and the second receivers and is kept secret from the third receiver (eavesdropper). The second confidential message is decoded by the first receiver and is kept secret from the second and the third receivers (eavesdroppers). We propose an achievable scheme to find an inner bound to the secrecy capacity region of a class of one-receiver, two-eavesdropper BCs with three degraded message sets. We also compare our inner bound with another existing achievable region. Keywords: broadcast channels; broadcast communication; radio receivers; telecommunication security; confidential message decoding; degraded message sets; one-receiver broadcast channel; secrecy capacity region; three-receiver BC; two-eavesdropper broadcast channel; Decoding; Entropy; Joints; Mutual information; Random variables; Receivers; Transmitters (ID#:14-3079) URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6842505&isnumber=6842477
  • Sonee, A.; Hodtani, G.A., "Wiretap Channel With Strictly Causal Side Information At Encoder," Communication and Information Theory (IWCIT), 2014 Iran Workshop on, pp.1,6, 7-8 May 2014. doi: 10.1109/IWCIT.2014.6842507 In this paper, the wiretap channel with side information studied in [2] is revisited for the case in which the side information is available only at the encoder and in a strictly causal manner. We derive a lower bound on the secrecy capacity of the channel based on a coding scheme which consists of block Markov encoding and key generation using the strictly causal state information available at the encoder. In order to provide the secrecy of messages, at the end of each block a description of the state sequence obtained by the encoder is used to generate the key which encrypts the whole or part of the message to be transmitted in the next block. Moreover, for the decoder to be able to decrypt the messages, the description of the state sequence of each block is sent in common with the message of that block. Also, an upper bound on the secrecy capacity is developed which assumes that the state is noncausally known at the encoder and we prove that it would coincide the lower bound for a special case and results in the secrecy capacity. Keywords: Markov processes; encoding; block Markov encoding; key generation; state sequence; secrecy capacity; wiretap channel; Cryptography; Decoding; Encoding; Indexes; Markov processes; Radio frequency; Upper bound (ID#:14-3080) URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6842507&isnumber=6842477
  • Zahabi, S.J.; Khosravifard, M., "A Note On The Redundancy Of Reversible Variable Length Codes," Communication and Information Theory (IWCIT), 2014 Iran Workshop on, pp.1,6, 7-8 May 2014. doi: 10.1109/IWCIT.2014.6842508 An improved upper bound on the redundancy of the optimal reversible variable length code (RVLC), is presented in terms of the largest symbol probability p1. The improvement is achieved for 2/9 < p1 < 1/4 and for 2/5 p1 1/2. The bound guarantees that in these two regions, the redundancy of the optimal RVLC is less than 1 bit per symbol. Keywords: probability; variable length codes; RVLC; reversible variable length codes; symbol probability; Computers; Conferences; Information theory; Radio frequency; Redundancy; Upper bound; Vectors (ID#:14-3081) URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6842508&isnumber=6842477
  • Zeinalpour-Yazdi, Z.; Jalali, S., "Outage Analysis Of Uplink Open Access Two-Tier Networks," Communication and Information Theory (IWCIT), 2014 Iran Workshop on, pp.1,6, 7-8 May 2014. doi: 10.1109/IWCIT.2014.6842511 Employing multi-tier networks is among the most promising approaches to address the rapid growth of the data demand in cellular networks. In this paper, we study a two-tier uplink cellular network consisting of femtocells and a macrocell. Femto base stations, and femto and macro users are assumed to be spatially deployed based on independent Poisson point processes. Under open-access policy, we derive analytical upper and lower bounds on the outage probabilities of femto users and macro users that are subject to fading and path loss. We also study the effect of the distance from the macro base station on the outage probability experienced by the users. In all cases, our simulation results comply with our analytical bounds. Keywords: femtocellular radio; radio links; stochastic processes; femto base stations; femto users; femtocell network; independent Poisson point processes; macro base station; macro users; macrocell network; multi-tier networks; open-access policy; outage analysis; outage probabilities; two-tier uplink cellular network; uplink open access two-tier networks; Analytical models; Downlink; Femtocells; OFDM; Open Access; Uplink (ID#:14-3082) URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6842511&isnumber=6842477


6th International Conference on New Technologies, Mobility & Security (NTMS) - Dubai

The 2014 6th International Conference on New Technologies, Mobility and Security (NTMS) was held March 30 - April 2, 2014 in Dubai. This conference addresses advances in new technologies, solutions for mobility and tools and techniques for information security. The concentration is on the development of smart sensor systems and sensor networks for smart cities. An emphasis is placed on integration of distributed sensors together with the optimization algorithms to achieve this goal. In the security track, twenty-three security-related research papers were presented addressing a range of issues in the areas of business process application security, security assurance and assessment, social networking security, privacy and anonymity, cloud computing security, intrusion and malware detection, digital forensics and cryptography.

  • Al Barghouthy, N.B.; Marrington, A., "A Comparison of Forensic Acquisition Techniques for Android Devices: A Case Study Investigation of Orweb Browsing Sessions," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1,4, March 30 2014-April 2 2014 doi: 10.1109/NTMS.2014.6813993 The issue of whether to "root" a small scale digital device in order to be able to execute acquisition tools with kernel-level privileges is a vexing one. In the early research literature about Android forensics, and in the commercial forensic tools alike, the common wisdom was that "rooting" the device modified its memory only minimally, and enabled more complete acquisition of digital evidence, and thus was, on balance, an acceptable procedure. This wisdom has been subsequently challenged, and alternative approaches to complete acquisition without "rooting" the device have been proposed. In this work, we address the issue of forensic acquisition techniques for Android devices through a case study we conducted to reconstruct browser sessions carried out using the Orweb private web browser. Orweb is an Android browser which uses Onion Routing to anonymize web traffic, and which records no browsing history. Physical and logical examinations were performed on both rooted and non-rooted Samsung Galaxy S2 smartphones running Android 4.1.1. The results indicate that for investigations of Orweb browsing history, there is no advantage to rooting the device. We conclude that, at least for similar investigations, rooting the device is unnecessary and thus should be avoided.
    Keywords: Android (operating system); Internet; digital forensics; online front-ends; smart phones; Android 4.1.1; Android browser; Android devices; Android forensics; Onion Routing; Orweb browsing sessions; Orweb private Web browser; Web traffic anonymization; browser session reconstruction; browsing history; device rooting; digital evidence acquisition; forensic acquisition techniques; forensic tools; kernel-level privilege; nonrooted Samsung Galaxy S2 smartphone; small scale digital device; Androids; Browsers; Forensics; Humanoid robots; Random access memory; Smart phones; Workstations (ID#:14-3241)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6813993&isnumber=6813963
  • Hammi, B.; Khatoun, R.; Doyen, G., "A Factorial Space for a System-Based Detection of Botcloud Activity," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1,5, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6813996 Today, beyond a legitimate usage, the numerous advantages of cloud computing are exploited by attackers, and Botnets supporting DDoS attacks are among the greatest beneficiaries of this malicious use. Such a phenomenon is a major issue since it strongly increases the power of distributed massive attacks while involving the responsibility of cloud service providers that do not own appropriate solutions. In this paper, we present an original approach that enables a source-based detection of UDP-flood DDoS attacks based on a distributed system behavior analysis. Based on a principal component analysis, our contribution consists in: (1) defining the involvement of system metrics in a botcloud's behavior, (2) showing the invariability of the factorial space that defines a botcloud activity and (3) among several legitimate activities, using this factorial space to enable a botcloud detection.
    Keywords: cloud computing; computer network security; distributed processing; principal component analysis; transport protocols; UDP-flood DDoS attacks; botcloud activity; botcloud detection; botcloud behavior; botnets; cloud computing; cloud service provider; distributed massive attacks; distributed system behavior analysis; factorial space; legitimate activity; legitimate usage; malicious use; principal component analysis; source-based detection; system metrics; system-based detection; Cloud computing; Collaboration; Computer crime; Intrusion detection; Measurement; Monitoring; Principal component analysis (ID#:14-3242)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6813996&isnumber=6813963
  • Hatzivasilis, G.; Papaefstathiou, I.; Manifavas, C.; Papadakis, N., "A Reasoning System for Composition Verification and Security Validation," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1,4, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814001 The procedure to prove that a system-of-systems is composable and secure is a very difficult task. Formal methods are mathematically-based techniques used for the specification, development and verification of software and hardware systems. This paper presents a model-based framework for dynamic embedded system composition and security evaluation. Event Calculus is applied for modeling the security behavior of a dynamic system and calculating its security level with the progress in time. The framework includes two main functionalities: composition validation and derivation of security and performance metrics and properties. Starting from an initial system state and given a series of further composition events, the framework derives the final system state as well as its security and performance metrics and properties. We implement the proposed framework in an epistemic reasoner, the rule engine JESS with an extension of DECKT for the reasoning process and the JAVA programming language.
    Keywords: Java; embedded systems; formal specification; formal verification; reasoning about programs; security of data; software metrics; temporal logic; DECKT; JAVA programming language; composition validation; composition verification; dynamic embedded system composition; epistemic reasoner; event calculus; formal methods; model-based framework; performance metrics; reasoning system; rule engine JESS; security evaluation; security validation; system specification; system-of-systems; Cognition; Computational modeling; Embedded systems; Measurement; Protocols; Security; Unified modeling language (ID#:14-3243)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814001&isnumber=6813963
  • Al Sharif, S.; Al Ali, M.; Salem, N.; Iqbal, F.; El Barachi, M.; Alfandi, O., "An Approach for the Validation of File Recovery Functions in Digital Forensics' Software Tools," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1, 6, March 30 2014-April 2 2014 doi: 10.1109/NTMS.2014.6814005 Recovering lost and deleted information from computer storage media for the purpose of forensic investigation is one of the essential steps in digital forensics. There are several dozens of commercial and open source digital analysis tools dedicated for this purpose. The challenge is to identify the tool that best fits in a specific case of investigation. To measure the file recovering functionality, we have developed a validation approach for comparing five popular forensic tools: Encase, Recover my files, Recuva, Blade, and FTK. These tools were examined in a fixed scenario to show the differences and capabilities in recovering files after deletion, quick format and full format of a USB stick. Experimental results on selected commercial and open source tools demonstrate effectiveness of proposed approach.
    Keywords: digital forensics; file organisation; Blade; Encase; FTK; Recover my files; Recuva; USB stick; computer storage media; digital forensics software tool; file recovery function; forensic tools; open source digital analysis tool; Blades; Computers; Digital forensics; Media; Recycling; Universal Serial Bus (ID#:14-3244)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814005&isnumber=6813963
  • Juvonen, A.; Hamalainen, T., "An Efficient Network Log Anomaly Detection System Using Random Projection Dimensionality Reduction," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1, 5, March 30 2014-April 2 2014 doi: 10.1109/NTMS.2014.6814006 Network traffic is increasing all the time and network services are becoming more complex and vulnerable. To protect these networks, intrusion detection systems are used. Signature-based intrusion detection cannot find previously unknown attacks, which is why anomaly detection is needed. However, many new systems are slow and complicated. We propose a log anomaly detection framework which aims to facilitate quick anomaly detection and also provide visualizations of the network traffic structure. The system preprocesses network logs into a numerical data matrix, reduces the dimensionality of this matrix using random projection and uses Mahalanobis distance to find outliers and calculate an anomaly score for each data point. Log lines that are too different are flagged as anomalies. The system is tested with real-world network data, and actual intrusion attempts are found. In addition, visualizations are created to represent the structure of the network data. We also perform computational time evaluation to ensure the performance is feasible. The system is fast, finds intrusion attempts and does not need clean training data.
    Keywords: digital signatures; security of data; telecommunication traffic; Mahalanobis distance; anomaly score; data point; intrusion attempts; intrusion detection systems; log lines; network data structure; network log anomaly detection system; network services; network traffic structure; numerical data matrix; random projection dimensionality reduction; real-world network data; signature-based intrusion detection; Data mining; Data visualization; Feature extraction; Intrusion detection; Principal component analysis; Real-time systems (ID#:14-3245)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814006&isnumber=6813963
  • Binsalleeh, H.; Kara, A.M.; Youssef, A.; Debbabi, M., "Characterization of Covert Channels in DNS," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1, 5, March 30 2014-April 2, 2014. doi: 10.1109/NTMS.2014.6814008 Malware families utilize different protocols to establish their covert communication networks. It is also the case that sometimes they utilize protocols which are least expected to be used for transferring data, e.g., Domain Name System (DNS). Even though the DNS protocol is designed to be a translation service between domain names and IP addresses, it leaves some open doors to establish covert channels in DNS, which is widely known as DNS tunneling. In this paper, we characterize the malicious payload distribution channels in DNS. Our proposed solution characterizes these channels based on the DNS query and response messages patterns. We performed an extensive analysis of malware datasets for one year. Our experiments indicate that our system can successfully determine different patterns of the DNS traffic of malware families.
    Keywords: cryptographic protocols; invasive software; DNS protocol; DNS traffic; DNS tunneling; IP addresses; communication networks; covert channel characterization; domain name system; malicious payload distribution channels; malware datasets; malware families; message patterns; translation service; Command and control systems; Malware; Payloads; Protocols; Servers; Tunneling (ID#:14-3246)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814008&isnumber=6813963
  • Bovet, G.; Hennebert, J., "Distributed Semantic Discovery for Web-of-Things Enabled Smart Buildings," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1,5, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814015 Nowadays, our surrounding environment is more and more scattered with various types of sensors. Due to their intrinsic properties and representation formats, they form small islands isolated from each other. In order to increase interoperability and release their full capabilities, we propose to represent devices descriptions including data and service invocation with a common model allowing to compose mashups of heterogeneous sensors. Pushing this paradigm further, we also propose to augment service descriptions with a discovery protocol easing automatic assimilation of knowledge. In this work, we describe the architecture supporting what can be called a Semantic Sensor Web-of-Things. As proof of concept, we apply our proposal to the domain of smart buildings, composing a novel ontology covering heterogeneous sensing, actuation and service invocation. Our architecture also emphasizes on the energetic aspect and is optimized for constrained environments.
    Keywords: Internet of Things; Web services; home automation; ontologies (artificial intelligence); open systems; software architecture; wireless sensor networks; actuator; data invocation; distributed semantic discovery protocols; interoperability; intrinsic properties; knowledge automatic assimilation; ontology covering heterogeneous sensor; semantic sensor Web of Things; service invocation; smart building; Ontologies; Resource description framework; Semantics; Sensors; Smart buildings; Web services (ID#:14-3247)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814015&isnumber=6813963
  • Dassouki, K.; Safa, H.; Hijazi, A., "End to End Mechanism to Protect Sip from Signaling Attacks," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1, 5, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814017 SIP is among the most popular Voice over IP signaling protocols. Its deployment in live scenarios showed vulnerability to attacks defined as signaling attacks. These attacks are used to tear down a session or manipulate its parameters. In this paper we present a security mechanism that protects SIP sessions against such attacks. The mechanism uses SIP fingerprint to authenticate messages, in order to prevent spoofing. We validate our mechanism using Openssl and Sipp and show that it is light and robust.
    Keywords: Internet telephony; message authentication; signaling protocols; Openssl; SIP fingerprint; SIP sessions; Sipp; live scenarios; message authentication; security mechanism; signaling attacks; voice over IP signaling protocols; Cryptography; Fingerprint recognition; IP networks; Internet telephony; Protocols; Servers (ID#:14-3248)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814017&isnumber=6813963
  • Fachkha, C.; Bou-Harb, E.; Debbabi, M., "Fingerprinting Internet DNS Amplification DDoS Activities," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1,5, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814019 This work proposes a novel approach to infer and characterize Internet-scale DNS amplification DDoS attacks by leveraging the darknet space. Complementary to the pioneer work on inferring Distributed Denial of Service (DDoS) using darknet, this work shows that we can extract DDoS activities without relying on backscattered analysis. The aim of this work is to extract cyber security intelligence related to DNS Amplification DDoS activities such as detection period, attack duration, intensity, packet size, rate and geolocation in addition to various network-layer and flow-based insights. To achieve this task, the proposed approach exploits certain DDoS parameters to detect the attacks. We empirically evaluate the proposed approach using 720 GB of real darknet data collected from a /13 address space during a recent three months period. Our analysis reveals that the approach was successful in inferring significant DNS amplification DDoS activities including the recent prominent attack that targeted one of the largest anti-spam organizations. Moreover, the analysis disclosed the mechanism of such DNS amplification DDoS attacks. Further, the results uncover high-speed and stealthy attempts that were never previously documented. The case study of the largest DDoS attack in history led to a better understanding of the nature and scale of this threat and can generate inferences that could contribute in detecting, preventing, assessing, mitigating and even attributing of DNS amplification DDoS activities.
    Keywords: Internet; computer network security; Internet-scale DNS amplification DDoS attacks; anti-spam organizations; attack duration; backscattered analysis; cyber security intelligence; darknet space; detection period; distributed denial of service; fingerprinting Internet DNS amplification DDoS activities; geolocation; network-layer; packet size; storage capacity 720 Gbit; Computer crime; Grippers; IP networks; Internet; Monitoring; Sensors (ID#:14-3249)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814019&isnumber=6813963
  • Turkoglu, C.; Cagdas, S.; Celebi, A.; Erturk, S., "Hardware Design of an Embedded Real-Time Acoustic Source Location Detector," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1,4, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814022 This paper presents an embedded system that detects the 3 dimensional location of an acoustic source using a multiple microphone constellation. The system consists of a field programmable gate array (FPGA) that is used as main processing unit and the necessary peripherals. The sound signals are captured using multiple microphones that are connected to the embedded system using XLR connectors. The analog sound signals are first amplified using programmable gain amplifiers (PGAs) and then digitized before they are provided to the FPGA. The FPGA carries out the computations necessary for the algorithms to detect the acoustic source location in real-time. The system can be used for consumer electronics applications as well as security and defense applications.
    Keywords: acoustic signal detection; acoustic signal processing; audio signal processing; embedded systems; microphones; FPGA; PGAs; XLR connectors; analog sound signals; an embedded real-time acoustic source location detector; consumer electronics; embedded system; field programmable gate array; hardware design; multiple microphone constellation; programmable gain amplifiers; three dimensional location; Acoustics; Electronics packaging; Field programmable gate arrays; Hardware; Microphones; Position measurement; Synchronization (ID#:14-3250)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814022&isnumber=6813963
  • Varadarajan, P.; Crosby, G., "Implementing IPsec in Wireless Sensor Networks," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1,5, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814024 There is an increasing need for wireless sensor networks (WSNs) to be more tightly integrated with the Internet. Several real world deployment of stand-alone wireless sensor networks exists. A number of solutions have been proposed to address the security threats in these WSNs. However, integrating WSNs with the Internet in such a way as to ensure a secure End-to-End (E2E) communication path between IPv6 enabled sensor networks and the Internet remains an open research issue. In this paper, the 6LoWPAN adaptation layer was extended to support both IPsec's Authentication Header (AH) and Encapsulation Security Payload (ESP). Thus, the communication endpoints in WSNs are able to communicate securely using encryption and authentication. The proposed AH and ESP compressed headers performance are evaluated via test-bed implementation in 6LoWPAN for IPv6 communications on IEEE 802.15.4 networks. The results confirm the possibility of implementing E2E security in IPv6 enabled WSNs to create a smooth transition between WSNs and the Internet. This can potentially play a big role in the emerging "Internet of Things" paradigm.
    Keywords: IP networks; Internet; Zigbee; computer network security; cryptography; wireless sensor networks; 6LoWPAN adaptation layer; AH; E2E security; ESP compressed header performance; IEEE 802.15.4 networks; IPsec authentication header; IPv6 enabled sensor networks; Internet; Internet of Things paradigm; WSNs; communication endpoints; encapsulation security payload; encryption; end-to-end communication path; security threats; stand-alone wireless sensor networks; Authentication; IEEE 802.15 Standards; IP networks; Internet; Payloads; Wireless sensor networks (ID#:14-3251)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814024&isnumber=6813963
  • Boukhtouta, A.; Lakhdari, N.-E.; Debbabi, M., "Inferring Malware Family through Application Protocol Sequences Signature," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1,5, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814026 The dazzling emergence of cyber-threats exert today's cyberspace, which needs practical and efficient capabilities for malware traffic detection. In this paper, we propose an extension to an initial research effort, namely, towards fingerprinting malicious traffic by putting an emphasis on the attribution of maliciousness to malware families. The proposed technique in the previous work establishes a synergy between automatic dynamic analysis of malware and machine learning to fingerprint badness in network traffic. Machine learning algorithms are used with features that exploit only high-level properties of traffic packets (e.g. packet headers). Besides the detection of malicious packets, we want to enhance fingerprinting capability with the identification of malware families responsible for the generation of malicious packets. The identification of the underlying malware family is derived from a sequence of application protocols, which is used as a signature to the family in question. Furthermore, our results show that our technique achieves promising malware family identification rate with low false positives.
    Keywords: computer network security; invasive software; learning (artificial intelligence); application protocol sequences signature; cyber-threats; machine learning algorithm; malicious packets detection; malware automatic dynamic analysis; malware traffic detection; network traffic; Cryptography; Databases; Engines; Feeds; Malware; Protocols (ID#:14-3252)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814026&isnumber=6813963
  • Gritzalis, D.; Stavrou, V.; Kandias, M.; Stergiopoulos, G., "Insider Threat: Enhancing BPM through Social Media," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1, 6, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814027 Modern business environments have a constant need to increase their productivity, reduce costs and offer competitive products and services. This can be achieved via modeling their business processes. Yet, even in light of modelling's widespread success, one can argue that it lacks built-in security mechanisms able to detect and fight threats that may manifest throughout the process. Academic research has proposed a variety of different solutions which focus on different kinds of threat. In this paper we focus on insider threat, i.e. insiders participating in an organization's business process, who, depending on their motives, may cause severe harm to the organization. We examine existing security approaches to tackle down the aforementioned threat in enterprise business processes. We discuss their pros and cons and propose a monitoring approach that aims at mitigating the insider threat. This approach enhances business process monitoring tools with information evaluated from Social Media. It examines the online behavior of users and pinpoints potential insiders with critical roles in the organization's processes. We conclude with some observations on the monitoring results (i.e. psychometric evaluations from the social media analysis) concerning privacy violations and argue that deployment of such systems should be only allowed on exceptional cases, such as protecting critical infrastructures.
    Keywords: business data processing; organisational aspects; process monitoring; social networking (online); BPM enhancement; built-in security mechanism; business process monitoring tools; cost reduction; enterprise business processes; insider threat; organization business process management; privacy violations; social media; Media; Monitoring; Organizations; Privacy; Security; Unified modeling language (ID#:14-3253)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814027&isnumber=6813963
  • Azab, M., "Multidimensional Diversity Employment for Software Behavior Encryption," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1, 5, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814033 Modern cyber systems and their integration with the infrastructure have a clear effect on the productivity and quality of life immensely. Their involvement in our daily life elevates the need for means to ensure their resilience against attacks and failure. One major threat is the software monoculture. Latest research work demonstrated the danger of software monoculture and presented diversity to reduce the attack surface. In this paper, we propose ChameleonSoft, a multidimensional software diversity employment to, in effect, induce spatiotemporal software behavior encryption and a moving target defense. ChameleonSoft introduces a loosely coupled, online programmable software-execution foundation separating logic, state and physical resources. The elastic construction of the foundation enabled ChameleonSoft to define running software as a set of behaviorally-mutated functionally-equivalent code variants. ChameleonSoft intelligently shuffles, at runtime, these variants while changing their physical location inducing untraceable confusion and diffusion enough to encrypt the execution behavior of the running software. ChameleonSoft is also equipped with an autonomic failure recovery mechanism for enhanced resilience. In order to test the applicability of the proposed approach, we present a prototype of the ChameleonSoft Behavior Encryption (CBE) and recovery mechanisms. Further, using analysis and simulation, we study the performance and security aspects of the proposed system. This study aims to assess the provisioned level of security by measuring the avalanche effect percentage and the induced confusion and diffusion levels to evaluate the strength of the CBE mechanism. Further, we compute the computational cost of security provisioning and enhancing system resilience.
    Keywords: computational complexity; cryptography; multidimensional systems; software fault tolerance; system recovery; CBE mechanism; ChameleonSoft Behavior Encryption; ChameleonSoft recovery mechanisms; autonomic failure recovery mechanism; avalanche effect percentage; behaviorally-mutated functionally-equivalent code variants; computational cost; confusion levels; diffusion levels; moving target defense; multidimensional software diversity employment; online programmable software-execution foundation separating logic; security level; security provisioning; software monoculture; spatiotemporal software behavior encryption; system resilience; Employment; Encryption; Resilience; Runtime; Software; Spatiotemporal phenomena (ID#:14-3254)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814033&isnumber=6813963
  • Mauri, G.; Verticale, G., "On the Tradeoff between Performance and User Privacy in Information Centric Networking," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1,5, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814040 Widespread use of caching provides advantages for users and providers, such as reduced network latency, higher content availability, bandwidth reduction and server load balancing. In Information Centric Networking, the attention is shifted from users to content, which is addressed by its name and not by its location. Moreover, the content objects are stored as close as possible to the customers. Therefore, the cache has a central role for the improvement of the network performance but this is strictly related to the caching policy used. However, this comes at the price of increased tracing of users communication and users behavior to define an optimal caching policy. A malicious node could exploit such information to compromise the privacy of users. In this work, we compare different caching policies and we take the first steps for defining the tradeoff between caching performance and user privacy guarantee. In particular, we provide a way to implement prefetching and we define some bounds for the users' privacy in this context.
    Keywords: cache storage; perturbation techniques; caching policy; content centric networking; data perturbation; information centric networking; named-data networking; network latency; prefetching; privacy; server load balancing; user's ranking; Computational modeling; Data privacy; Delays; Games; Prefetching; Privacy; Vectors (ID#:14-3255)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814040&isnumber=6813963
  • Abu-Ella, O.; Elmusrati, M., "Partial Constrained Group Decoding: A New Interference Mitigation Technique for the Next Generation Networks," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1,5, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814042 This paper investigates performance of the constrained partial group decoding (CPGD) technique in interference channel (IC) environment. It demonstrates the CPGD capability to manage and mitigate interference comparing with other interference mitigation schemes which are based on interference alignment strategy; this comparison is carried out for MIMO interference channel. Numerical results show that CPGD achieves one of the highest capacities comparing to other considered schemes. As well, evaluation of bit error rate (BER) using very long low density parity-check (LDPC) codes demonstrates the competency of the CPGD which significantly outperforms the other techniques. This makes the CPGD a promising scheme for interference mitigation for the next generation of wireless communication systems; especially, if we take into account that CPGD is only based on receive-side processing; and that means, there is no need for any overwhelming feedback in such a system. Also, and more importantly, if we keep in mind the reduction of its required computational complexity, due to its complexity controlling feature, i.e., by its flexibility to limit the group size of the jointly decoded users, comparing with the huge computational complexity of the iterative multi-user detection (MUD) schemes, as interference alignment approach.
    Keywords: MIMO communication; decoding; interference suppression; parity check codes; radiofrequency interference; MIMO interference channel; bit error rate; constrained partial group decoding; interference alignment strategy; interference channel environment; interference mitigation technique; next generation network; partial constrained group decoding; receive side processing; very long low density parity check codes; Bit error rate; Interference channels; MIMO; Receivers; Signal to noise ratio; Transmitters (ID#:14-3256)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814042&isnumber=6813963
  • Petrlic, R.; Sorge, C., "Privacy-Preserving Digital Rights Management based on Attribute-based Encryption," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1, 5, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814044 We present a privacy-preserving multiparty DRM scheme that does not need a trusted third party. Users anonymously buy content from content providers and anonymously execute it at content execution centers. The executions are unlinkable to each other. The license check is performed as part of the used ciphertext-policy attribute-based encryption (CP-ABE) and, thus, access control is cryptographically enforced. The problem of authorization proof towards the key center in an ABE scheme is solved by a combination with anonymous payments.
    Keywords: cryptography; digital rights management; ABE scheme; access control; anonymous payments; attribute-based encryption; authorization proof; ciphertext-policy attribute-based encryption; privacy-preserving digital rights management; privacy-preserving multiparty DRM scheme; Cloud computing; Encryption; Licenses; Privacy; Protocols (ID#:14-3257)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814044&isnumber=6813963
  • Hmood, A.; Fung, B.C.M.; Iqbal, F., "Privacy-Preserving Medical Reports Publishing for Cluster Analysis," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1,8, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814045 Health data mining is an emerging research direction. High-quality health data mining results rely on having access to high-quality patient information. Yet, releasing patient-specific medical reports may potentially reveal sensitive information of the individual patients. In this paper, we study the problem of anonymizing medical reports and present a solution to anonymize a collection of medical reports while preserving the information utility of the medical reports for the purpose of cluster analysis. Experimental results show that, with our proposed approach, the impact of anonymization on the cluster quality is minor, suggesting the feasibility of simultaneously preserving both information utility and privacy in anonymous medical reports.
    Keywords: data mining; data privacy; electronic health records; pattern clustering; cluster analysis; health data mining; information utility; medical report anonymization; patient-specific medical reports; privacy-preserving medical reports publishing; Clustering algorithms; Data privacy; Diseases; Information retrieval; Medical diagnostic imaging; Privacy (ID#:14-3258)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814045&isnumber=6813963
  • Dimitriou, T., "Secure and Scalable Aggregation in the Smart Grid," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1, 5, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814048 In this work, we describe two decentralized protocols that can be used to securely aggregate the electricity measurements made by n smart meters. The first protocol is a very lightweight one, it uses only symmetric cryptographic primitives and provides security against honest-but-curious adversaries. The second one is public-key based and its focus is on the malicious adversarial model; malicious entities not only try to learn the private measurements of smart meters but can also disrupt protocol execution. Both protocols do not rely on centralized entities or trusted third parties to operate and they are highly scalable since every smart meter has to interact with only a few other meters. Both are very efficient in practice requiring only O(1) work and memory overhead per meter, thus making these protocols fit for real-life smart grid deployments.
    Keywords: power system security; smart meters; smart power grids; decentralized protocols; electricity measurements; malicious adversarial model; malicious entities; scalable aggregation; smart grid; smart meters; symmetric cryptographic primitives; trusted third parties; Encryption; Protocols; Public key; Silicon; Smart grids (ID#:14-3259)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814048&isnumber=6813963
  • Kabbani, B.; Laborde, R.; Barrere, F.; Benzekri, A., "Specification and Enforcement of Dynamic Authorization Policies Oriented by Situations," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1,6, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814050 Nowadays, accessing communication networks and systems faces multitude applications with large-scale requirements dimensions. Mobility (roaming services in particular) during urgent situations exacerbate the access control issues. Dynamic authorization then is required. However, traditional access control fails to ensure policies to be dynamic. Instead, we propose to externalize the dynamic behavior management of networks and systems through situations. Situations modularize the policy into groups of rules and orient decisions. Our solution limits policy updates and hence authorization inconsistencies. The authorization system is built upon the XACML architecture coupled with a complex event-processing engine to handle the concept of situations. Situation-oriented attribute based policies are defined statically allowing static verification and validation.
    Keywords: authorisation; XACML architecture; access control; dynamic authorization policies; mobility roaming services; Authorization; Computer architecture; Context; Engines; Medical services (ID#:14-3260)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814050&isnumber=6813963
  • Albino Pereira, A.; Bosco M.Sobral, J.; Merkle Westphall, C., "Towards Scalability for Federated Identity Systems for Cloud-Based Environments," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1,5, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814055 As multi-tenant authorization and federated identity management systems for cloud computing mature, the provisioning of services using this paradigm allows maximum efficiency on business that requires access control. However, regarding scalability support, mainly horizontal, some characteristics of those approaches based on central authentication protocols are problematic. The objective of this work is to address these issues by providing an adapted sticky-session mechanism for a Shibboleth architecture using CAS. This alternative, compared with the recommended shared memory approach, showed improved efficiency and less overall infrastructure complexity.
    Keywords: authorisation; cloud computing; cryptographic protocols; CAS; Shibboleth architecture; central authentication protocols; central authentication service; cloud based environments; cloud computing; federated identity management systems; federated identity system scalability; multitenant authorization; sticky session mechanism; Authentication; Cloud computing; Proposals; Scalability; Servers; Virtual machining (ID#:14-3261)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814055&isnumber=6813963



ACM CHI Conference on Human Factors in Computing Systems - Toronto, Canada


The ACM CHI Conference on Human Factors in Computing Systems (CHI 2014) was held in Toronto, Canada from April 26 to May 1. Papers shown below were selected based on their relevance to Human Behavior and Cybersecurity, and were presented in various sessions including Social Local Mobile; Privacy; Risks and Security; and Authentication and Passwords.

Session: Social Local Mobile

Let's Do It at My Place Instead? Attitudinal and Behavioral Study of Privacy in Client-Side Personalization
Alfred Kobsa, Bart P. Knijnenburg, Benjamin Livshits
Many users welcome personalized services, but are reluctant to provide the information about themselves that personalization requires. Performing personalization exclusively at the client side (e.g., on one's smartphone) may conceptually increase privacy, because no data is sent to a remote provider. But does client-side personalization (CSP) also increase users' perception of privacy? We developed a causal model of privacy attitudes and behavior in personalization, and validated it in an experiment that contrasted CSP with personalization at three remote providers: Amazon, a fictitious company, and the "Cloud". Participants gave roughly the same amount of personal data and tracking permissions in all four conditions. A structural equation modeling analysis reveals the reasons: CSP raises the fewest privacy concerns, but does not lead in terms of perceived protection nor in resulting self-anticipated satisfaction and thus privacy-related behavior. Encouragingly, we found that adding certain security features to CSP is likely to raise its perceived protection significantly. Our model predicts that CSP will then also sharply improve on all other privacy measures.
Keywords: Privacy; personalization; client-side; structural equation modeling (SEM); attitudes; behaviors (ID#:14-3342)
URL: http://dl.acm.org/citation.cfm?id=2557102 or http://dx.doi.org/10.1145/2556288.2557102

The Effect of Developer-Specified Explanations for Permission Requests on Smartphone User Behavior
Joshua S Tan, Khanh Nguyen, Michael Theodorides, Heidi Negron-Arroyo, Christopher Thompson, Serge Egelman, David Wagner
In Apple's iOS 6, when an app requires access to a protected resource (e.g., location or photos), the user is prompted with a permission request that she can allow or deny. These permission request dialogs include space for developers to optionally include strings of text to explain to the user why access to the resource is needed. We examine how app developers are using this mechanism and the effect that it has on user behavior. Through an online survey of 772 smartphone users, we show that permission requests that include explanations are significantly more likely to be approved. At the same time, our analysis of 4,400 iOS apps shows that the adoption rate of this feature by developers is relatively small: around 19% of permission requests include developer-specified explanations. Finally, we surveyed 30 iOS developers to better understand why they do or do not use this feature.
Keywords: Smartphones; Privacy; Access Control; Usability (ID#:14-3343)
URL: http://dl.acm.org/citation.cfm?id=2557400 or http://dx.doi.org/10.1145/2556288.2557400

Effects of Security Warnings and Instant Gratification Cues on Attitudes toward Mobile Websites
Bo Zhang, Mu Wu, Hyunjin Kang, Eun Go, S. Shyam Sundar
In order to address the increased privacy and security concerns raised by mobile communications, designers of mobile applications and websites have come up with a variety of warnings and appeals. While some interstitials warn about potential risk to personal information due to an untrusted security certificate, others attempt to take users' minds away from privacy concerns by making tempting, time-sensitive offers. How effective are they? We conducted an online experiment (N = 220) to find out. Our data show that both these strategies raise red flags for users--appeals to instant gratification make users more leery of the site and warnings make them perceive greater threat to personal data. Yet, users tend to reveal more information about their social media accounts when warned about an insecure site. This is probably because users process these interstitials based on cognitive heuristics triggered by them. These findings hold important implications for the design of cues in mobile interfaces.
Keywords: Online privacy; security; information disclosure; trust; mobile interface. (ID#:14-3344)
URL: http://dl.acm.org/citation.cfm?id=2557347 or http://dx.doi.org/10.1145/2556288.2557347

Session: Privacy

Leakiness and Creepiness in App Space: Perceptions of Privacy and Mobile App Use
Irina A Shklovski, Scott D. Mainwaring, Halla Hrund Skuladottir, Hoskuldur Borgthorsson
Mobile devices are playing an increasingly intimate role in everyday life. However, users can be surprised when informed of the data collection and distribution activities of apps they install. We report on two studies of smartphone users in western European countries, in which users were confronted with app behaviors and their reactions assessed. Users felt their personal space had been violated in "creepy" ways. Using Altman's notions of personal space and territoriality, and Nissenbaum's theory of contextual integrity, we account for these emotional reactions and suggest that they point to important underlying issues, even when users continue using apps they find creepy.
Keywords: Mobile devices; data privacy; bodily integrity; learned helplessness; creepiness (ID#:14-3345)
URL: http://dl.acm.org/citation.cfm?id=2557421 or http://dx.doi.org/10.1145/2556288.2557421

A Field Trial of Privacy Nudges for Facebook
Yang Wang, Pedro Giovanni Leon, Alessandro Acquisti, Lorrie Faith Cranor, Alain Forget, Norman Sadeh
Anecdotal evidence and scholarly research have shown that Internet users may regret some of their online disclosures. To help individuals avoid such regrets, we designed two modifications to the Facebook web interface that nudge users to consider the content and audience of their online disclosures more carefully. We implemented and evaluated these two nudges in a 6-week field trial with 28 Facebook users. We analyzed participants' interactions with the nudges, the content of their posts, and opinions collected through surveys. We found that reminders about the audience of posts can prevent unintended disclosures without major burden; however, introducing a time delay before publishing users' posts can be perceived as both beneficial and annoying. On balance, some participants found the nudges helpful while others found them unnecessary or overly intrusive. We discuss implications and challenges for designing and evaluating systems to assist users with online disclosures.
Keywords: Behavioral bias; Online disclosure; Social media; Facebook; Nudge; Privacy; Regret; Soft-paternalism (ID#:14-3346)
URL: http://dl.acm.org/citation.cfm?id=2557413 or http://dx.doi.org/10.1145/2556288.2557413

Session: Risks and Security

Betrayed By Updates: How Negative Experiences Affect Future Security
Kami E. Vaniea, Emilee Rader, Rick Wash
Installing security-relevant software updates is one of the best computer protection mechanisms. However, users do not always choose to install updates. Through interviewing non-expert Windows users, we found that users frequently decide not to install future updates, regardless of whether they are important for security, after negative experiences with past updates. This means that even non-security updates (such as user interface changes) can impact the security of a computer. We discuss three themes impacting users' willingness to install updates: unexpected new features in an update, the difficulty of assessing whether an update is "worth it", and confusion about why an update is necessary.
Keywords: Software Updates; Human Factors; Security (ID#:14-3347)
URL: http://dl.acm.org/citation.cfm?id=2557275 or http://dx.doi.org/10.1145/2556288.2557275

Session: Authentication and Passwords

Can Long Passwords be Secure and Usable?
Richard Shay, Saranga Komanduri, Adam L. Durity, Phillip (Seyoung) Huh, Michelle L. Mazurek, Sean M. Segreti, Blase Ur, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor
To encourage strong passwords, system administrators employ password-composition policies, such as a traditional policy requiring that passwords have at least 8 characters from 4 character classes and pass a dictionary check. Recent research has suggested, however, that policies requiring longer passwords with fewer additional requirements can be more usable and in some cases more secure than this traditional policy. To explore long passwords in more detail, we conducted an online experiment with 8,143 participants. Using a cracking algorithm modified for longer passwords, we evaluate eight policies across a variety of metrics for strength and usability. Among the longer policies, we discover new evidence for a security/usability tradeoff, with none being strictly better than another on both dimensions. However, several policies are both more usable and more secure than the traditional policy we tested. Our analyses additionally reveal common patterns and strings found in cracked passwords. We discuss how system administrators can use these results to improve password-composition policies.
Keywords: Passwords; Password-composition policies; Security policy; Usable security; Authentication (ID#:14-3348)
URL: http://dl.acm.org/citation.cfm?id=2557377 or http://dx.doi.org/10.1145/2556288.2557377

An Implicit Author Verification System for Text Messages Based on Gesture Typing Biometrics
Ulrich Burgbacher, Klaus H. Hinrichs
Gesture typing is a popular text input method used on smartphones. Gesture keyboards are based on word gestures that subsequently trace all letters of a word on a virtual keyboard. Instead of tapping a word key by key, the user enters a word gesture with a single continuous stroke. In this paper, we introduce an implicit user verification approach for short text messages that are entered with a gesture keyboard. We utilize the way people interact with gesture keyboards to extract behavioral biometric features. We propose a proof-of-concept classification framework that learns the gesture typing behavior of a person and is able to decide whether a gestured message was written by the legitimate user or an imposter. Data collected from gesture keyboard users in a user study is used to assess the performance of the classification framework, demonstrating that the technique has considerable promise.
Keywords: Gesture keyboards; implicit authentication; behavioral biometrics; mobile phone security (ID#:14-3349)
URL: http://dl.acm.org/citation.cfm?id=2557346 or http://dx.doi.org/10.1145/2556288.2557346




China Summit & International Conference on Signal and Information Processing (ChinaSIP) - Xi'an, China


2014 IEEE China Summit & International Conference on Signal and Information Processing (ChinaSIP) was held 9-13 July 2014 in Xi'an, China. Research includes such topics as steganography, forensics, secure burst transmissions, retrieval of encrypted JPEG images, signal reconstruction, target signal detection, synthetic aperture radar, and much more.

  • Xinpeng Zhang; Hang Cheng, "Histogram-based retrieval for encrypted JPEG images," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.446,449, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889282 This work proposes a novel scheme for encrypted JPEG image retrieval, which includes image encryption and unsupervised/supervised retrieval phases. Using this scheme, the encrypted images are produced by permuting DCT coefficients, and transmitted to a database server. With an encrypted query image, although the server does not know the plaintext content, he may get the histogram at each frequency position. After calculating the distances between the histograms of encrypted query image and database image, the server can return the encrypted images with plaintext content similar to the query image according to integrated distances. If a training image set is available, the retrieval results can be also determined by conditional probabilities calculated from a supervised mechanism.
    Keywords: cryptography; discrete cosine transforms; image coding; image retrieval; DCT coefficients; database image; encrypted JPEG image retrieval; encrypted images; encrypted query image; histogram-based retrieval; image encryption; unsupervised retrieval phases; Databases; Encryption; Feature extraction; Histograms; Servers; Transform coding; Histogram; Image encryption; Image retrieval (ID#:14-3217)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889282&isnumber=6889177
  • Jia Duan; Lei Zhang; Yifeng Wu; Mengdao Xing; Min Wu, "A Novel Signal Reconstructing Method For Radar Targets," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.175,178, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889226 In this paper, a novel signal reconstructing method for radar targets is proposed based on the attributed scattering center model. By extracting the attributed parameters, the large amount of target data can be represented by small amounts of attributed parameters. In this way, the data amount has been compressed sharply, which releases the computer memory for storage. After extraction, a target discriminating method is presented by applying a CFAR threshold to the energy of extracted attributed scattering centers, by which, weak distributed scattering centers with relatively high energy in total can be discriminated from noise under low SNRs. Experimental results validate the effectiveness of the signal reconstructing capability of the proposal.
    Keywords: radar signal processing; radar target recognition; scattering; signal reconstruction; CFAR threshold; SNR; attributed parameters extraction; attributed scattering center model; radar target; signal reconstruction method; target discriminating method; weak distributed scattering center; Image reconstruction; Noise; Parameter estimation; Radar imaging; Scattering; Signal reconstruction; Signal reconstruction; attributed scattering center; radar images (ID#:14-3218)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889226&isnumber=6889177
  • Ziqiang Meng; Yachao Li; Mengdao Xing; Zheng Bao, "Imaging Of Missile-Borne Bistatic Forward-Looking SAR," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.179,183, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889227 As a special imaging mode, missile-borne bistatic forward-looking synthetic aperture radar (MBFL-SAR) has many advantages in two-dimensional (2-D) imaging capability for targets in the straight-ahead position over mono-static missile-borne SAR and airborne SAR. It is difficult to obtain the 2-D frequency spectrum of the target echo signal due to the high velocity and acceleration in this configuration, which brings a lot of obstacles to the following imaging processing. A new imaging algorithm for MBFL-SAR configuration based on series reversion is proposed in this paper. The 2-D frequency spectrum obtained through this method can implement range compression and range cell migration correction (RCMC) effectively. Finally, some simulations of point targets and comparison results confirm the efficiency of our proposed algorithm.
    Keywords: airborne radar; military radar; missiles; radar imaging; synthetic aperture radar; 2D frequency spectrum; 2D imaging; MBFL-SAR imaging mode; RCMC; airborne SAR; missile-borne bistatic forward-looking SAR imaging; mono-static missile-borne SAR; point target simulation; range cell migration correction; range compression; series reversion; straight-ahead position; synthetic aperture radar; target echo signal; two-dimensional imaging capability; Algorithm design and analysis; Azimuth; Data models; Frequency-domain analysis; Imaging; Synthetic aperture radar; 2-D frequency spectrum; MBFL-SAR; Method of series reversion; SAR imaging (ID#:14-3219)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889227&isnumber=6889177
  • Xun Chao Cong; Rong Qiang Zhu; Yu Lin Liu; Qun Wan, "Feature Extraction of SAR Target In Clutter Based On Peak Region Segmentation And Regularized Orthogonal Matching Pursuit," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.189,193, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889229 Feature extraction in clutter is a challenging problem in SAR target recognition because of the difficulty in distinguishing the target signature from the background. In this paper, a new feature extracting algorithm based on automated peak region segmentation (PRS) and regularized orthogonal matching pursuit (ROMP) techniques is presented and called PRS-ROMP. It combines the processes in both signal domain and image domain. First, the proposed method uses PRS and parametric model (PM) to obtain the positions and atoms of strong scattering centers of target. Then we acquire the positions and atoms of weak scattering centers by the sparse reconstruction algorithm and PM for residual region. By using all atoms of strong and weak scattering centers we get the final amplitude estimation by LS. Experimental results of electromagnetic calculations data in clutter validate the proposed target feature extraction method.
    Keywords: amplitude estimation; feature extraction; image recognition; image reconstruction; image segmentation; iterative methods; least squares approximations; radar clutter; radar imaging; synthetic aperture radar; time-frequency analysis; LS; PM; PRS; ROMP technique; SAR target recognition; amplitude estimation; automated peak region segmentation; clutter; electromagnetic calculation; parametric model; regularized orthogonal matching pursuit technique; sparse reconstruction algorithm; target feature extraction method; target scattering center; Accuracy; Clutter; Feature extraction; Matching pursuit algorithms; Scattering; Signal processing algorithms; Sparse matrices; ROMP; SAR; automated peak region segmentation; feature extraction; parametric model (ID#:14-3220)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889229&isnumber=6889177
  • Azouz, A.; Zhenfang Li, "Improved Phase Gradient Autofocus Algorithm Based On Segments Of Variable Lengths And Minimum Entropy Phase Correction," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.194,198, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889230 In this paper, an improved phase gradient autofocus (PGA) Algorithm motion compensation (MOCO) approaches is proposed for the unmanned aerial vehicle (UAV) synthetic aperture radar (SAR) imagery. The approach is implemented in two-steps. The first step determines the length of segments depending on number of good quality scatterers and motion errors obtained from navigation data. In the second step, a novel minimum-entropy phase correction based on the Discrete Cosine Transform (DCT) coefficients is proposed. In this approach, transform phase error estimates by PGA to DCT-coefficient. The entropy of a focused image is utilized as the optimization function of the DCT coefficients to improve the final images quality. Finally, real-data experiments show that the proposed approach is appropriate for highly precise imaging of UAV SAR.
    Keywords: autonomous aerial vehicles; discrete cosine transforms; gradient methods; minimum entropy methods; motion compensation; radar imaging; synthetic aperture radar; DCT coefficients; PGA algorithm; SAR imagery; UAV-SAR imagery; discrete cosine transform; improved phase gradient autofocus algorithm; minimum entropy phase correction; motion errors; navigation data; optimization function; synthetic aperture radar; unmanned aerial vehicle; variable length segment; Azimuth; Electronics packaging; Entropy; Image segmentation; Motion segmentation; Navigation; Synthetic aperture radar; Motion compensation (MOCO); phase gradient autofocus (PGA) (ID#:14-3221)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889230&isnumber=6889177
  • Sheng-juan Cheng; Wen-Qin Wang; Huaizong Shao, "MIMO OFDM chirp waveform design with spread spectrum modulation," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.208,211, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889233 This paper proposes an approach to design orthogonal multiplexing waveform for use of Multiple-input Multiple-output (MIMO) radar. The designed scheme incorporate direct sequence spread spectrum (DSSS) coding techniques on orthogonal frequency division multiplexing (OFDM) chirp signaling. We call it spread spectrum coded OFDM chirp (SSCOC) signaling. The performance of the signals are analyzed with the cross-ambiguity function. In the experiment, the influence of spread spectrum code length and type as well as the bandwidth and duration of OFDM chirp waveforms on cross-ambiguity function (CAF) is discussed. It is verified that the proposed design scheme can ensure these waveforms stay orthogonal on receive and obtain large time-bandwidth product which are beneficial to separate closely spaced targets with ultra-high resolution.
    Keywords: MIMO radar; OFDM modulation; spread spectrum communication; MIMO OFDM chirp waveform design; cross ambiguity function; direct sequence spread spectrum coding technique; multiple input multiple output radar; orthogonal frequency division multiplexing chirp signaling; orthogonal multiplexing waveform; spread spectrum code; spread spectrum modulation; Bandwidth; Chirp; Gold; MIMO; OFDM; Synthetic aperture radar; Cross-Ambiguity Function (CAF); Direct Sequence Spread Spectrum (DSSS); Multiple-input Multiple-output (MIMO); Orthogonal frequency division multiplexing (OFDM); Spread Spectrum Coded OFDM Chirp (SSCOC) (ID#:14-3222)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889233&isnumber=6889177
  • Xiaofei Wang; Yanmeng Guo; Qiang Fu; Yonghong Yan, "Reverberation Robust Two-Microphone Target Signal Detection Algorithm With Coherent Interference," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.237,241, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889239 In this paper, a reverberation robust Target Signal Detection (TSD) algorithm using two microphones is proposed. Most of traditional TSD algorithms are based on the assumption of free sound field and close-talking scene incorporate with multichannel system. They lack in achieving robustness in reverberant and noisy environment. The proposed TSD algorithm is based on Beam-to-Reference Ratio (BRR), and a novel estimator, Direct-to-Reverberate Ratio (DRR), is introduced to enlarge the basic assumption to reverberant and distant-talking scene. Spatial correlation information between microphones is used to estimate the DRR to revise threshold on each Time-Frequency (T-F) block and to form full-band likelihood using soft-decision information. Experimental results show that the proposed method performs robust in different reverberant environments with coherent interferences when target signal is from priori known direction-of-arrivals (DOA) in distant-talking scene.
    Keywords: direction-of-arrival estimation; microphones; object detection; reverberation; signal detection; beam-to-reference ratio; coherent interference; direct-to-reverberate ratio; direction-of-arrivals; distant-talking scene; estimator; full-band likelihood; microphones; multichannel system; reverberant assumption; reverberation robust target signal detection; reverberation robust two-microphone target signal detection algorithm; soft-decision information; spatial correlation information; time-frequency block; Interference; Microphones; Noise; Reverberation; Robustness; Speech; Speech enhancement; Direct-to-Reverberate Ratio; Reverberation Robust; Speech Enhancement; Target Signal Detection (ID#:14-3223)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889239&isnumber=6889177
  • Aggarwal, H.K.; Majumdar, A., "Compressive Sensing Multi-Spectral Demosaicing From Single Sensor Architecture," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.334,338, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889259 This paper addresses the recovery of multi-spectral images from single sensor cameras using compressed sensing (CS) techniques. It is an exploratory work since this particular problem has not been addressed before. We considered two types of sensor arrays - uniform and random; and two recovery approaches - Kronecker CS (KCS) and group-sparse reconstruction. Two sets of experiments were carried out. From the first set of experiments we find that both KCS and group-sparse recovery yields good results for random sampling, but for uniform sampling only KCS yields good results. In the second set of experiments we compared our proposed techniques with state-of-the-art methods. We find that our proposed methods yields considerable better results.
    Keywords: cameras; compressed sensing; image reconstruction; image sampling; image segmentation; image sensors; sensor arrays; KCS approach; Kronecker CS approach; compressed sensing technique; group-sparse reconstruction; multispectral demosaicing; multispectral image recovery; random sampling; sensor array; single sensor architecture; single sensor camera; Cameras; Compressed sensing; Filtering algorithms; Image reconstruction; Signal processing; Transforms; Compressed Sensing; Demosaicing; Multi-spectral Imaging (ID#:14-3224)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889259&isnumber=6889177
  • Bo Li; Yuchao Dai; Mingyi He; van den Hengel, A., "A Relaxation Method To Articulated Trajectory Reconstruction From Monocular Image Sequence," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.389,393, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889270 In this paper, we present a novel method for articulated trajectory reconstruction from a monocular image sequence. We propose a relaxation-based objective function, which utilises both smoothness and geometric constraints, posing articulated trajectory reconstruction as a non-linear optimization problem. The main advantage of this approach is that it remains the re-constructive power of the original algorithm, while improving its robustness to the inevitable noise in the data. Furthermore, we present an effective approach to estimating the parameters of our objective function. Experimental results on the CMU motion capture dataset show that our proposed algorithm is effective.
    Keywords: image motion analysis; image reconstruction; image sequences; nonlinear programming; CMU motion capture dataset; articulated trajectory reconstruction; geometric constraint; monocular image sequence; nonlinear optimization problem; relaxation method; relaxation-based objective function; Cameras; Educational institutions; Image reconstruction; Linear programming; Noise; Three-dimensional displays; Trajectory; articulated trajectory; noise; relaxation; robust; smoothness (ID#:14-3225)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889270&isnumber=6889177
  • Cong Liu; Hefei Ling; Fuhao Zou; Lingyu Yan; Xinyu Ou, "Efficient Digital Fingerprints Tracing," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.431,435, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889279 Digital fingerprinting is a promising approach to protect multimedia contents from unauthorized redistribution. Whereas, large scale and high dimensionality make existing fingerprint detection methods fail to trace the traitors efficiently. To handle this problem, we propose a novel local and global structure preserving hashing to conduct fast fingerprint detection. Applying the hashing method, we obtain a low-dimensional neighborhood-preserving hash code for each fingerprint. Through hash codes, we can find the nearest neighbors of the extracted fingerprint, thereby tracing the real traitors within a small range. These properties make the proposed approach efficient to trace the real traitors. Extensive experiments demonstrate that the proposed approach outperforms traditional linear scan detection methods in term of efficiency.
    Keywords: cryptography; fingerprint identification; digital fingerprint tracing; fingerprint detection; fingerprint extraction; linear scan detection methods; low-dimensional neighborhood-preserving hash code; multimedia content protection; Correlation; Fingerprint recognition; Forensics; Indexes; Multimedia communication; Training; Watermarking; digital fingerprinting; hash-based similarity search; multimedia security; neighborhood preserving hashing (ID#:14-3226)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889279&isnumber=6889177
  • Lingyu Yan; Hefei Ling; Cong Liu; Xinyu Ou, "Hashing based feature aggregating for fast image copy retrieval," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.441,445, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889281 Recently the methods based on visual words have become very popular in near-duplicate retrieval and content identification. However, obtaining the visual vocabulary by quantization is very time-consuming and unscalable to large databases. In this paper, we propose a fast feature aggregating method for image representation which uses machine learning based hashing to achieve fast feature aggregation. Since the machine learning based hashing effectively preserves neighborhood structure of data, it yields visual words with strong discriminability. Furthermore, the generated binary codes leads image representation building to be of low-complexity, making it efficient and scalable to large scale databases. The evaluation shows that our approach significantly outperforms state-of-the-art methods.
    Keywords: data structures; database management systems; image representation; image retrieval; learning (artificial intelligence); binary codes; content identification; fast feature aggregating method; feature aggregation; hashing based feature; image copy retrieval; image representation; large scale database; machine learning based hashing; near-duplicate retrieval; neighborhood data structure; visual vocabulary; visual words; Binary codes; Feature extraction; Histograms; Image representation; Linear programming; Training; Visualization; Feature Aggregation; Image Copy Retrieval; Machine Learning base hashing; Visual Words (ID#:14-3227)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889281&isnumber=6889177
  • Tianzhuo Wang; Xiangwei Kong; Yanqing Guo; Bo Wang, "Exposing the Double Compression In MP3 Audio By Frequency Vibration," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.450,454, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889283 A novel approach is presented to detect double compressed MP3 audio by frequency vibration. With the analysis of double compression effect on MDCT (Modified Discrete Cosine Transform) coefficients in MP3 audio, we propose a simple feature called FVV (frequency vibration value) to measure the vibration caused by double compression. The experimental results on challenging dataset show that our method outperforms most of the existing methods in double MP3 compression detection, especially with a second bitrate higher than the first one. Besides, we can also estimate the original bit-rate for a double compressed MP3 by this technique.
    Keywords: audio coding; data compression; discrete cosine transforms; signal detection; FVV; MDCT; double MP3 compression detection; double compressed MP3 audio detection; double compression effect analysis; frequency vibration value; modified discrete cosine transform; second bitrate; Accuracy; Digital audio players; Feature extraction; Frequency measurement; Multimedia communication; Transforms; Vibrations; MDCT coefficients; MP3; audio forensics; double compression detection; frequency vibration (ID#:14-3228)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889283&isnumber=6889177
  • Xiaohua Li; Zifan Zhang, "Exploit the Scale Of Big Data For Data Privacy: An Efficient Scheme Based On Distance-Preserving Artificial Noise And Secret Matrix Transform," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.500,504, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889293 In this paper we show that the extensive results in blind/non-blind channel identification developed within the community of signal processing in communications can play an important role in guaranteeing big data privacy. It is widely believed that the sheer scale of big data makes most conventional data privacy techniques ineffective for big data. In contrast to this pessimistic common belief, we propose a scheme that exploits the sheer scale to guarantee privacy. This scheme uses jointly artificial noise and secret matrix transform to scramble the source data. Desirable data utility can be supported because the noise and the transform preserve some important geometric properties of the source data. With a comprehensive privacy analysis, we use the blind/non-blind channel identification theories to show that the secret transform matrix and the source data can not be estimated from the scrambled data. The artificial noise and the sheer scale of big data are critical for this purpose. Simulations of collaborative filtering are conducted to demonstrate the proposed scheme.
    Keywords: Big Data; data privacy; transforms; big data privacy; blind-nonblind channel identification theories; collaborative filtering; distance-preserving artificial noise; privacy analysis; secret matrix transform; source data scrambling; Accuracy; Big data; Data privacy; Estimation; Noise; Privacy; Transforms; big data; blind source separation; channel identification; privacy; signal processing (ID#:14-3229)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889293&isnumber=6889177
  • Yang Wang; Dan-Feng Zhao; Xi Liao, "Simplified Maximum Likelihood Detection For Multi-Beam Satellite Systems Using Group-Wise Interference Cancellation," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.559,562, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889305 The ideal joint detection method for multi-beam satellite systems is the maximum likelihood (ML) detection, while the complexity increases exponentially with the number of spot beams. A simplified ML detection is proposed for multi-beam satellite systems in this paper. The proposed algorithm is based on grouping of spot beams. ML detection is applied within groups after a crucial group detection and interference cancellation. The performance is improved by keeping multiple candidates for each group and a final constrained ML detection. Simulation results verify that the proposed algorithm reduces the computational complexity significantly while limiting the performance loss to within 0.2 dB from ML detection. In addition, the complexity of the proposed algorithm is reduced by 60 percent compared with that of a multistage group detection algorithm.
    Keywords: interference suppression; maximum likelihood detection; radiofrequency interference; satellite communication; crucial group detection; groupwise interference cancellation; ideal joint detection method; maximum likelihood detection; multibeam satellite systems; Computational complexity; Interference cancellation; Maximum likelihood detection; Partitioning algorithms; Satellites; Simulation; group-wise interference cancellation; maximum likelihood detection; multi-beam satellites; satellite communications (ID#:14-3230)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889305&isnumber=6889177
  • Chao Jin; Rangding Wang; Diqun Yan; Pengfei Ma; Kaiyun Yang, "A Novel Detection Scheme For MP3Stego With Low Payload," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.602,606, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889314 MP3Stego is a typical steganographic tool of MP3 audios. Though many researchers have been making every effort on attacking it, the performance of their approaches could be improved especially at the low embedding rate. In this paper, we have proposed a scheme for detecting low embedding rate of MP3Stego. Based on investigating the embedding principle of MP3Stego and observing the alteration of quantized MDCT coefficients (QMDCTs), the one-step transition probabilities of the difference of quantized MDCT coefficients were extracted. Finally, SVM was used for constructing a classification model according to the extracted features. Experimental results show that our scheme can effectively detect the MP3Stego steganography with low payload.
    Keywords: audio signal processing; discrete cosine transforms; feature extraction; probability; signal detection; steganography; support vector machines; MP3 audios; MP3Stego; QMDCTs; SVM; classification model; feature extraction; low embedding rate detection scheme; low payload; one-step transition probability; quantized MDCT coefficients; steganographic tool; Bit rate; Digital audio players; Encoding; Feature extraction; Payloads; Probability; Transform coding; MP3; low embedding rate; steganalysis; steganography; transition probability (ID#:14-3231)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889314&isnumber=6889177
  • Xiaochun Cao; Na Liu; Ling Du; Chao Li, "Preserving Privacy For Video Surveillance Via Visual Cryptography," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.607,610, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889315 The video surveillance widely installed in public areas poses a significant threat to the privacy. This paper proposes a new privacy preserving method via the Generalized Random-Grid based Visual Cryptography Scheme (GRG-based VCS). We first separate the foreground from the background for each video frame. These foreground pixels contain the most important information that needs to be protected. Every foreground area is encrypted into two shares based on GRG-based VCS. One share is taken as the foreground, and the other one is embedded into another frame with random selection. The content of foreground can only be recovered when these two shares are got together. The performance evaluation on several surveillance scenarios demonstrates that our proposed method can effectively protect sensitive privacy information in surveillance videos.
    Keywords: cryptography; data protection; video surveillance; GRG-based VCS; foreground pixels; generalized random-grid based visual cryptography scheme; performance evaluation; random selection; sensitive privacy information preservation method; video frame; video surveillance; Cameras; Cryptography; PSNR; Privacy; Video surveillance; Visualization; Random-Grid; Video surveillance; privacy protection; visual cryptography (ID#:14-3232)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889315&isnumber=6889177
  • Xianfeng Zhao; Haibo Yu; Jie Zhu; Yong Deng, "Differential Forensics Of DC-DM Based Watermarking," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.611,615, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889316 Forensics of watermarking may be desired by attackers and business competitors. It aims at not only recognizing the existence of watermark but also estimating the algorithm and its parameters. Distortion compensated-dither modulation (DC-DM) is the improved and generalized form of quantization-based embedding which is widely used in watermarking. It adopts pseudo-random dither sequences and adds back partial quantization noise so that estimation of the algorithm and its parameters seems very difficult. However, in case that changing embedding locations each time or using a private embedding domain is not a principle of designing watermarking as what we see nowadays, the differential forensics proposed in this paper, which exploits the differences between the watermarked copies, can recognize the DC-DM algorithm and estimate the algorithmic parameters well.
    Keywords: digital forensics; distortion; image watermarking; modulation; parameter estimation; quantisation (signal); DC-DM based watermarking; algorithmic parameter estimation; back partial quantization noise; differential forensics; distortion compensated-dither modulation; private embedding domain; pseudo-random dither sequences; quantization-based embedding; watermarking forensics; Discrete cosine transforms; Forensics; Lattices; Modulation; Noise; Quantization (signal); Watermarking; Forensics; distortion compensation; dither modulation; quantization index modulation; watermarking (ID#:14-3233)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889316&isnumber=6889177
  • Rongrong Ni; Cheng, H.D.; Yao Zhao; Lize Chen, "Adaptive Reversible Watermarking Using Trimmed Prediction And Pixel-Selection-Based Sorting," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.616,620, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889317 Prediction error expansion based on sorting is an important technique in reversible watermarking since it yields large embedding capacity and low distortion. In this paper, an efficient and adaptive reversible watermarking scheme is proposed based on trimmed prediction and pixel selection sorting. The trimmed prediction excludes one singular pixel from the neighboring region. A more efficient sorting method is used to achieve lower distortion. Then, a further sorting that considers context complexity is proposed to ensure better visual quality. The smooth pixels located in rough areas are assigned high priorities for carrying bits by using the prediction error expansion method. With these improvements, our method shows better performances in terms of capacity and distortion.
    Keywords: sorting; watermarking; adaptive reversible watermarking; context complexity; embedding capacity; low distortion; pixel selection sorting; prediction error expansion method; singular pixel; trimmed prediction; visual quality; Complexity theory; Context; Data mining; Payloads; Prediction algorithms; Sorting; Watermarking; Reversible watermarking; complexity; prediction error expansion; sorting; trimmed prediction (ID#:14-3234)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889317&isnumber=6889177
  • Ling Zou; Jichen Yang; Tangsen Huang, "Automatic Cell Phone Recognition From Speech Recordings," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.621,625, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889318 Recording device recognition is an important research field of digital audio forensic. In this paper, we utilize Gaussian mixture model-universal background model (GMM-UBM) as the classifier to form a recording device recognition system. We examine the performance of Mel-frequency cepstral coefficients (MFCCs) and Power-normalized cepstral coefficients (PNCCs) to this problem. Experiments conducted on recordings come from 14 cell phones show that MFCCs are more effective than PNCCs in cell phone recognition. We find that the identification performance can be improved by stacking MFCCs and energy feature. We also investigate the effect of speaker mismatch and de-noising processing for acoustic feature to this problem. The highest identification accuracy achieved here is 97.71%.
    Keywords: Gaussian processes; audio recording; mobile handsets; speech recognition; GMM-UBM; Gaussian mixture model-universal background model; MFCC; Mel-frequency cepstral coefficients; PNCCs; acoustic feature; automatic cell phone recognition; denoising processing; digital audio forensic; power normalized cepstral coefficients; recording device recognition; speaker mismatch; speech recordings; Accuracy; Cellular phones; Forensics; Object recognition; Speech; Speech recognition; Training; Cell phone identification; Gaussian mixture model-universal background model (GMM-UBM); Mel-frequency cepstral coefficients (MFCCs); Power-normalized cepstral coefficients (PNCCs) (ID#:14-3235)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889318&isnumber=6889177
  • Yuxiao Yang; Jianjiang Zhou; Fei Wang; Chenguang Shi, "An LPI Design For Secure Burst Communication Systems," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.631,635, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889320 An LPI burst communication model based on conditional maximum entropy is presented in this paper. In this model, the conditional entropy of transmitting moments is the largest, and the prior data are used as the sample space, while Lagrange multipliers are selected as optimization variables. Hybrid Chaotic Particle Swarm Optimization (HCPSO) that is used in the model takes the dual programming of the conditional maximum entropy as objective function, and the conditional maximum entropy model is ultimately determined through this optimization algorithm. Compared with the usual method of fixed threshold, the simulation results show that the conditional maximum entropy method not only has longer effective communication time, but also can effectively increase the uncertainty of transmitting moments. The more the uncertainty of transmitting moments, the better the low probability of intercept performance is. So the burst communication has better performance of low probability of intercept using conditional maximum entropy model.
    Keywords: chaos; maximum entropy methods; particle swarm optimisation; telecommunication security; HCPSO; LPI burst communication model; LPI design; Lagrange multipliers; conditional maximum entropy dual programming; fixed threshold method; hybrid chaotic particle swarm optimization; low probability of intercept performance; objective function; optimization variables; secure burst communication systems; transmitting moment uncertainty; Communication systems; Entropy; Optimization; Particle swarm optimization; Probability density function; Programming; Uncertainty; Burst communication; LPI; maximum entropy technique (ID#:14-3236)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889320&isnumber=6889177
  • Chenguang Shi; Jianjiang Zhou; Fei Wang, "Low Probability Of Intercept Optimization For Radar Network Based On Mutual Information," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.683,687, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889331 This paper investigates the problem of low probability of intercept (LPI) design for radar network system and presents a novel LPI optimization strategy based on mutual information (MI) to improve the LPI performance for radar network. With the radar network system model, this paper would first derive Schleher intercept factor for radar network. Then, a novel LPI optimization strategy is proposed, where for a predefined threshold of MI to estimate the target parameters, Schleher intercept factor is minimized by optimizing transmission power allocation among netted radars in the network. Moreover, the nonlinear programming based genetic algorithm (NPGA) is employed to solve the resulting nonconvex and nonlinear optimization problem. Simulations demonstrate that our proposed scheme is valuable and effective to improve the LPI performance for radar network.
    Keywords: concave programming; genetic algorithms; nonlinear programming; parameter estimation; probability; radar theory; LPI design; LPI optimization strategy; MI; NPGA; Schleher intercept factor; low probability of intercept optimization; mutual information; netted radars; nonconvex optimization problem; nonlinear optimization problem; nonlinear programming based genetic algorithm; radar network system model; target parameter estimation; transmission power allocation; Optimization; Radar antennas; Radar cross-sections; Radar tracking; Resource management; Signal to noise ratio; Low probability of intercept (LPI); Schleher intercept factor; mutual information (MI); radar network (ID#:14-3237)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889331&isnumber=6889177
  • Qi Ding; Qian He; Zishu He; Blum, R.S., "Diversity Gain For MIMO-OTH Radar Target Detection Under Product Of Complex Gaussian Reflections," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.688,692, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889332 Consider a multiple-input multiple-output skywave over-the-horizon (MIMO-OTH) radar system with M transmit and N receive antennas employing the conventional optimal detector for a single complex Gaussian target. The signal from the mth transmit antenna reaches the target after being reflected by the ionosphere via Qm ray paths. Each of these multipath signals bounce off the target and reach the nth receiver after being reflected by the ionosphere again via Hmn ray paths. Thus the transmitted signals are reflected once off the target and twice by the ionosphere before arriving at the receive end, and any of these three reflections can be either categorized as being complex Gaussian or deterministic. If either one or two of the reflections are modeled as complex Gaussian while the others are modeled as deterministic, it is shown that the largest possible diversity gain is upper bounded by equation.
    Keywords: Gaussian processes; MIMO radar; diversity reception; radar detection; MIMO-OTH radar target detection; complex Gaussian reflection product; diversity gain; multiple input multiple output skywave; optimal detector; over-the-horizon radar system; single complex Gaussian target; Diversity methods; Ionosphere; Radar; Radar antennas; Receiving antennas; MIMO-OTH radar; complex Gaussian; diversity gain (ID#:14-3238)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889332&isnumber=6889177
  • Cai Xing-fu; Song Jian-she; Zhang Xiong-mei; Zheng Yong-an, "A Jamming Technique Against SAR Based On Inter-Pulse Subsection Randomly-Shift-Frequency And Its Application1," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.785,789, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889352 In order to ensure the safety of intelligence in important place, a jamming method against SAR based on inter-pulse subsection randomly-shift-frequency technique is brought forward. This technique can produce several noise-like jamming swathes in range direction, whose number is determined by the number of inter-pulse subsection. And, the position and width of the swathe are determined by frequency shifted. It can be concluded from the experiments that the number of subsections can't exceed 5; the centre of the shift-frequency can't exceed Br / 2 and the scope of the shift-frequency can't exceed Br / 4. In allusion to the phenomena of focusing on jamming technique but application, the application model of this technique brought forward in this paper is established, which followed the implement steps and method of this technique. The availability and advantage of this method is proved in the simulation experiments.
    Keywords: jamming; radar signal processing; synthetic aperture radar; SAR; inter-pulse subsection randomly-shift-frequency technique; jamming technique; noise-like jamming; range direction; synthetic aperture radar; Apertures; Azimuth; Coherence; Frequency modulation; Jamming; Synthetic aperture radar; Time-frequency analysis; Application; Randomly-shift-frequency; Subsection; Synthetic Aperture Radar (ID#:14-3239)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889352&isnumber=6889177
  • Lichen Zhang; Yingmin Wang; Aiping Huang, "Effect Of Seawater On Radiation Field Of Electric Dipole," Signal and Information Processing (ChinaSIP), 2014 IEEE China Summit & International Conference on, pp.800,803, 9-13 July 2014. doi: 10.1109/ChinaSIP.2014.6889355 The corrosion and corrosion resistance current of the submarine will produce extremely low frequency electric field after modulated by the propeller rotation in the seawater. It becomes one of the most important characteristics of the signal source. We derive the expression for the electric and magnetic fields of the electric dipole in the seawater using the electric Hertz vector, also give the expressions for the standard field. Measurements and numerical simulations show that the standard field amplitude of the submarine in the shaft frequency is in a great location. And the shaft-rate electric field can be received in a long distance. Therefore, submarine detection using the shaft-rate electric field can be probably best carried out.
    Keywords: corrosion resistance; electric fields; magnetic fields; object detection; propellers; seawater; shafts; signal sources; underwater vehicles; corrosion resistance current; electric Hertz vector; electric dipole; low frequency electric field; magnetic fields; propeller rotation; seawater effect; shaft rate electric field; submarine detection; Electric fields; Electromagnetic scattering; Frequency modulation; Shafts; Standards; Underwater vehicles; Vectors; electric dipole; extremely low frequency electric fields; seawater; shaft-rate electric field; submarine detection (ID#:14-3240)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6889355&isnumber=6889177


Computer Communication and Informatics (ICCCI) - Coimbatore, India


The International Conference on Computer Communication and Informatics (ICCCI), 2014 was held 3-5 January 2014 in Coimbatore, India. The presentations and papers cited here focus on security-related research.

  • Abd El-Aziz, A.A.; Kannan, A., "JSON Encryption," Computer Communication and Informatics (ICCCI), 2014 International Conference on, pp.1,6, 3-5 Jan. 2014. doi: 10.1109/ICCCI.2014.6921719 JavaScript Object Notation (JSON) is a lightweight data-interchange format. It is easy for humans to read and write. It has a data format that is inter-changeable with a programming language's built-in data structures that eliminates translation time and reduces complexity and processing time. Moreover, JSON has the same strengths of XML. Therefore, it's better to shift from XML security to JSON security. In this paper, we will present how to shift from XML encryption to JSON encryption.
    Keywords: Arrays; Encryption; Standards; XML; JSON; JSON Encryption; JSON Security; XML; XML Encryption; XML Security (ID#:14-3262)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6921719&isnumber=6921705
  • Sridharan, Srivatsan; Shrivastava, Himanshu, "Excogitation of Secure Data Authentication Model For Wireless Body Area Network," Computer Communication and Informatics (ICCCI), 2014 International Conference on, pp.1, 7, 3-5 Jan. 2014. doi: 10.1109/ICCCI.2014.6921738 This paper outlines the implementation of a secure data authentication model for the wireless body area network using a single private key exchanged during the time of configuration. The need for secure data exchange grows rapidly due the fact that the data exchanged are confined to the details of the ailing patient. Recent researchers have proposed a secure system for WBAN, but there is a huge demand to incorporate the security parameters into it. A system in place must ensure security with the use of limited amount of resources. This paper tries to address these issues of security considering the fact of limited availability of resources like power, bandwidth, thereby helping to achieve, more secure and time-efficient system in place for the effective online health monitoring scheme using WBAN. Also the security system for WBAN is proposed with low computational complexity for the secure transaction using a key utilized cryptographic encryption algorithm.
    Keywords: Authentication; Body area networks; Encryption; Monitoring; Servers; Authentication; Encryption; Key Exchange; Security (ID#:14-3263)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6921738&isnumber=6921705
  • Patil, Anita; Pandit, Rakesh; Patel, Sachin, "Implementation of Security Framework For Multiple Web Applications," Computer Communication and Informatics (ICCCI), 2014 International Conference on, pp. 1, 7, 3-5 Jan. 2014. doi: 10.1109/ICCCI.2014.6921787 Single sign-on (SSO) is an identity management technique that provides users the ability to use multiple Web services with one set of credentials. However, when the authentication server is down or unavailable, users cannot access Web services, even if the services are operating normally. Therefore, enabling continuous use is important in single sign on. In this paper, we present security framework to overcome credential problems of accessing multiple web application. We explain system functionality with authorization and Authentication. We consider these methods from the viewpoint of continuity, security and efficiency makes the framework highly secure.
    Keywords: Authentication; Authorization; Computers; Encryption; Informatics; Servers; Identity Management System; MD5; OpenID; proxy signature; single sign-on (ID#:14-3264)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6921787&isnumber=6921705
  • Nilesh, Dudhatra; Nagle, Malti, "The New Cryptography Algorithm With High Throughput," Computer Communication and Informatics (ICCCI), 2014 International Conference on, pp.1,5, 3-5 Jan. 2014. doi: 10.1109/ICCCI.2014.6921739 The Cryptography is very good area for research nowadays. As we know that security is very primary requirement for the any business. And for that we need very strong and unbreakable algorithm which provides high security. For that we need encryption and decryption algorithm which is having very high security with very good throughput. If we look at the real world, there are lots of organizations that are having very large database with high security. As per security concern, some encryption and decryption algorithms are working behind confidential information like DES, 3DES, AES and Blowfish. In this paper at first new cryptography (Encryption and Decryption) algorithm has been generated and new cryptography (Encryption and Decryption) algorithm has been compared by using some components like throughput of key generation, to generate Encryption text and to generate Decryption text. If any brute force attacks are applied on this algorithm, how much security is provided by this algorithm is included. In this algorithm some arithmetic and logical mathematical operations are performed.
    Keywords: Ciphers; Computers; Encryption; Three-dimensional displays; Throughput; 3DES; AES; Blowfish; Cryptography; DES; Decryption; Encryption; Security (ID#:14-3265)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6921739&isnumber=6921705
  • Khan, Aarfa; Shrivastava, Shweta; Richariya, Vineet, "Normalized Worm-hole Local Intrusion Detection Algorithm (NWLIDA)," Computer Communication and Informatics (ICCCI), 2014 International Conference on, pp.1,6, 3-5 Jan. 2014. doi: 10.1109/ICCCI.2014.6921748 A Mobile Ad-Hoc Network (MANET) is an arrangement of wireless mobile nodes which forms a temporary network for the communication without the access point, high availability of wireless devices in everyday is a measure factor in the success of infrastructure-less networks. MANET is dealing with both kinds of attacks, active and passive attacks at all the layers of network model. The lack in security measures of their routing protocols is alluring a number of attackers to intrude the network. A particular type of attack; known as Wormhole, which is launched by creation of tunnels and it results in complete disruption of routing paths on MANET. This paper presents a technique NWLID: Normalized Wormhole Local Intrusion detection Algorithm which is the modified version of Local Intrusion Detection Routing Security over mobile adhoc Network which has an intermediate neighbor node discovery mechanism, packet drop calculator, individual node receiving packet estimator followed by isolation technique for the confirmed Wormhole nodes. Result shows the effect of wormhole attack on normal behavior and improvement of performance after the application of proposed scheme. The effectiveness of NWLID algorithm is evaluated using ns2 network simulator.
    Keywords: Computers; Grippers; Mobile ad hoc networks; Peer-to-peer computing; Routing; Security; Throughput; Ad-hoc Network; Adjoining Node; Black hole; Isolation; Preclusion Ration; Security; Wormhole Tunnel Detection (ID#:14-3266)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6921748&isnumber=6921705
  • Balachandar, R.; Manojkumar, S., "Towards Reliable And Secure Resource Scheduling In Clouds," Computer Communication and Informatics (ICCCI), 2014 International Conference on, pp. 1, 5, 3-5 Jan. 2014. doi: 10.1109/ICCCI.2014.6921757 Delivering the hosted services via the internet is called cloud computing. It is attractive to business owners as it eliminates the requirement for users to plan ahead for provisioning and allows enterprises to start from the small and increase resources only when there is a rise in service demand. Central component that manages the allocation of virtual resources for a cloud infrastructure's physical resources is known as the cloud scheduler. Currently available schedulers do not consider users' security and privacy requirements and properties of entire cloud infrastructure. These results in major security, privacy and resilience concerns. The ability of cloud infrastructure is to support the internet scale critical applications. Without strong assurance, organizations should not outsource their critical applications to the cloud. It is one of the challenging problems to address. In this paper, we propose a secure and reliable cloud scheduler which consider both user requirements and infrastructure properties and supported by trustworthy data enabling the scheduler to make the right decision. We focus on assuring users that their virtual resources are hosted using physical resources that match their requirements without getting users involved with understanding the details of the cloud infrastructure. We present our prototype that implements the proposed cloud scheduler which is built on OpenStack.
    Keywords: Cloud computing; Computational modeling; Computers; Physical layer; Privacy; Security; Servers; Access Control; Cloud Computing; Cloud Infrastructure; Open source; Trustworthiness (ID#:14-3267)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6921757&isnumber=6921705
  • Sam Suresh J.; Manjushree A.; Eswaran P., "Differential Power Analysis (DPA) Attack On Dual Field ECC Processor For Cryptographic Applications," Computer Communication and Informatics (ICCCI), 2014 International Conference on, pp.1,5, 3-5 Jan. 2014. doi: 10.1109/ICCCI.2014.6921775 Exchange of private information over a public medium must incorporate a method for data protection against unauthorized access. To enhance the data security against the DPA attack in network communication, a dual field ECC processor supporting all finite field operations is proposed. The ECC processor performs hardware designs in terms of functionality, scalability, performance and power consumption. A unified scheme is introduced to accelerate EC arithmetic functions. The hardware is optimized by a very compact Galois field arithmetic unit with fully pipelined technique. A key-blinded technique is designed against power analysis attacks.
    Keywords: Algorithm design and analysis; Computers; Elliptic curve cryptography; Elliptic curves; Hardware; DPA; Dual fields; ECC; Galois field; Public key cryptography (ID#:14-3268)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6921775&isnumber=6921705
  • Beigh, Bilal Maqbool; Peer, M.A., "Performance Evaluation Of Different Intrusion Detection System: An Empirical Approach," Computer Communication and Informatics (ICCCI), 2014 International Conference on, pp. 1, 7, 3-5 Jan. 2014. doi: 10.1109/ICCCI.2014.6921740 Easy connectivity to a large number of networks is the main reason towards the development of security measures in the field of networking. People as well as organizations are very keen to share their resources online. But sharing the valuable information over the network may not be safe as it may be hacked by their rivals, to either destroy them or to make their own benefits from this data. The technique / system which protect our data from theft or intrusions, we call that as Intrusion Detection System. Though there are many intrusion detection systems available in the market, however users are not well familiar with the performance of different intrusion detection system or are confused with the results provided by companies. In this paper, we will make an attempt to provide a better view of performance of different intrusion detection techniques implemented under same conditions (DARPA 1999 Dataset) and with same parameters for implementation (i.e., Data set will be used DARPA 1999 for experimentation). Lastly we will provide some results which will be fruitful for user in accordance to the performance.
    Keywords: Computers; Engines; Informatics; Intrusion detection; Libraries; Probes; Dataset; IDS; intrusion detection; performance; policy; security (ID#:14-3269)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6921740&isnumber=6921705
  • Dongre, Kirti A.; Thakur, Roshan Singh; Abraham, Allan, "Secure Cloud Storage Of Data," Computer Communication and Informatics (ICCCI), 2014 International Conference on, pp.1,5, 3-5 Jan. 2014. doi: 10.1109/ICCCI.2014.6921741 Cloud computing is one of the upcoming technologies that will upgrade generation of Internet. The data stored in the smart phones is increased as more applications are deployed and executed. If the phone is damaged or lost then the information stored in it gets lost. If the cloud storage can be integrated for regular data backup of a mobile user so that the risk of data lost can be minimized. The user can store data in the server and retrieve them at anytime and from anywhere. The data might be uncovered by attack during the retrieval or transmission of data using wireless cloud storage without proper authentication and protection. So to avoid this in this paper we design a mechanism that provides a security requirement for data storage of mobile phones.
    Keywords: Cloud computing; Computers; Customer relationship management; Encryption; Mobile communication; Servers; Cloud storage; SQL; encryption (ID#:14-3270)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6921741&isnumber=6921705
  • Raghu, I; Sreelatha Reddy, V., "Key binding with fingerprint feature vector," Computer Communication and Informatics (ICCCI), 2014 International Conference on, pp.1, 5, 3-5 Jan. 2014. doi: 10.1109/ICCCI.2014.6921835 In modern world to secure data is a big task. Cryptographic systems have been widely used in many information security applications. One main challenge that these systems have faced has been how to protect private keys from attackers. A biometric cryptosystem that can be used to effectively protect private keys and to retrieve them only when legitimate users enter their biometric data. In biometric applications, it is widely known that a fingerprint can discriminate between persons better than other biometric modalities. In this paper, we propose a fingerprint based biometric encryption model using BCH and the combination of BCH and RS Coding. Experimental results showed that 128-bit private keys were securely encrypted with fingerprint feature vector and successfully retrieved at verification with FRR is 0.7% and FAR is 0%.
    Keywords: Discrete wavelet transforms; Encoding; Encryption; Feature extraction; Fingerprint recognition; Vectors; BCH and RS Coding; DWT; WP; biometrics; cryptographic key; fingerprint; wavelets transforms (ID#:14-3272)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6921835&isnumber=6921705
  • Thangadurai, K.; Sudha Devi, G., "An Analysis of LSB Based Image Steganography Techniques," Computer Communication and Informatics (ICCCI), 2014 International Conference on, pp. 1, 4, 3-5 Jan. 2014. doi: 10.1109/ICCCI.2014.6921751 Steganography refers to information or a file that has been concealed inside a digital picture, video or audio file. If a person views the object in which the information is hidden inside, he or she will have no indication that there is any hidden information. So the person will not try to decrypt the information. Steganography can be divided into Text Steganography, Image Steganography, Audio/Video Steganography. Image Steganography is one of the common methods used for hiding the information in the cover image. LSB is very efficient algorithm used to embed the information in a cover file. This paper presents the detail knowledge about the LSB based image steganography and its applications to various file formats. In this paper we also analyze the available image based steganography along with cryptography technique to achieve security.
    Keywords: Art; Computer science; Computers; Cryptography; Gray-scale; Image color analysis; Informatics; Cover Image; Cryptography; GIF; LSB; Message Hiding; PNG; Steganography (ID#:14-3273)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6921751&isnumber=6921705
  • Doe, Nina Pearl; Suganya V., "Secure Service To Prevent Data Breaches In Cloud," Computer Communication and Informatics (ICCCI), 2014 International Conference on, pp.1, 6, 3-5 Jan. 2014. doi: 10.1109/ICCCI.2014.6921755 Cloud Computing is a computing paradigm shift where computing is moved away from personal computers or an individual server to a cloud of computers. Its flexibility, cost-effectiveness, and dynamically re-allocation of resources as per demand make it desirable. At an unprecedented pace, cloud computing has simultaneously transformed business and government, and created new security challenges such as data breaches, data loss, account hijacking and denial of service. Paramount among these security threats is data breaches. The proposed work is to prevent data breaching threat by way of providing user authentication through one-time password system and challenge response, risk assessment to identify and prevent possible risks, encryption using enhanced elliptic curve cryptography where a cryptographically secure random number generation is used to make the number unpredictable, data integrity using MD5 technique, and key management. The platform for deployment of the application is Google App Engine.
    Keywords: Cloud computing; Computational modeling; Elliptic curve cryptography; Elliptic curves; Encryption; MD5; authentication; cloud computing; elliptic curve cryptography; risk assessment; security issues (ID#:14-3274)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6921755&isnumber=6921705
  • Arockiam, L.; Monikandan, S., "Efficient Cloud Storage Confidentiality To Ensure Data Security," Computer Communication and Informatics (ICCCI), 2014 International Conference on, pp.1, 5, 3-5 Jan. 2014. doi: 10.1109/ICCCI.2014.6921762 Cloud computing provides an enormous amount of virtual storage to the users. Cloud storage mainly helps to small and medium scale industries to reduce their investments and maintenance of storage servers. Cloud storage is efficient for data storage. Users' data are sent to the cloud is to be stored in the public cloud environment. Data stored in the cloud storage might mingle with other users' data. This will lead to the data protection issue in cloud storage. If the confidentiality of cloud data is broken, then it will cause loss of data to the industry. Security of cloud storage is ensured through confidentiality parameter. To ensure the confidentiality, the most common used technique is encryption. But encryption alone doesn't give maximum protection to the data in the cloud storage. To have efficient cloud storage confidentiality, this paper uses encryption and obfuscation as two different techniques to protect the data in the cloud storage. Encryption is the process of converting the readable text into unreadable form using an algorithm and a key. Obfuscation is same like encryption. Obfuscation is a process which disguises illegal users by implementing a particular mathematical function or using programming techniques. Based on the type of data, encryption and obfuscation can be applied. Encryption can be applied to alphabets and alphanumeric type of data and obfuscation can be applied to a numeric type of data. Applying encryption and obfuscation techniques on the cloud data will provide more protection against unauthorized usage. Confidentiality could be achieved with a combination of encryption and obfuscation.
    Keywords: Cloud computing; Databases; Encryption; Memory; Cloud Storage; Confidentiality; Data Protection; Encryption; Obfuscation (ID#:14-3275)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6921762&isnumber=6921705
  • Singha, Thockchom Birjit; Jain, Lakshay; Kant, Bikash, "Negligible Time-Consuming RC5 Remote Decoding Technique," Computer Communication and Informatics (ICCCI), 2014 International Conference on, pp. 1, 4, 3-5 Jan. 2014. doi: 10.1109/ICCCI.2014.6921832 Remote decoding techniques based solely on polling waste a considerable amount of time in the bit-reading process, which is undesirable. Better techniques involving interrupts have been proposed, but, these still waste some amount of precious execution time. In this paper, we propose a technique which consumes negligible time (few ms) in the bit reading process, thus, utilizing all the available time for execution of the main task.
    Keywords: Algorithm design and analysis; Computers; Decoding; Delays; Flowcharts; Informatics; Protocols; IEEE 802.3; IEEE 802.4; Interrupt service routine (ISR); Interrupts; Polling; RC5 Protocol; Remote decoding (ID#:14-3276)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6921832&isnumber=6921705
  • Gupta, Piyush Kumar; Roy, Ratnakirti; Changder, Suvamoy, "A Secure Image Steganography Technique With Moderately Higher Significant Bit Embedding," Computer Communication and Informatics (ICCCI), 2014 International Conference on, pp.1,6, 3-5 Jan. 2014. doi: 10.1109/ICCCI.2014.6921726 Steganography is a process to hide secret data into a cover media in an imperceptible manner. In the spatial domain of image steganography, the most common technique is Least Significant Bit Replacement (LSBR). However, LSBR is extremely sensitive to compression attacks involving truncation of LSBs. As a possible solution to the drawback of the traditional LSBR scheme, this paper proposes an image steganography technique that embeds secret data in the moderately higher significant bits such as 4th or 5th bit of a pixel. The proposed method uses a color image as a cover and according to pixel values; three groups of pixels are maintained. These groups are used for selecting the candidate pixels for 4th or 5th bit embedding. It also implements an optimal pixel adjustment process (OPAP) to minimize the visual distortion due to embedding. In addition to the OPAP, a method for randomly dispersing the secret data bits is also implemented making it harder for an adversary to detect hidden information. The experimental results for proposed method showed high values for Peak Signal to Noise Ratio (PSNR) signifying High stego-image fidelity.
    Keywords: Computers; Image coding; Informatics; Media; PSNR; Payloads; Visualization; Image Steganography; Moderately Higher Significant Bit Embedding (MHSBE); Optimal Pixel Adjustment Process (OPAP); RGB image (ID#:14-3277)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6921726&isnumber=6921705
  • Vanitha, M.; Kavitha, C., "Secured Data Destruction In Cloud Based Multi-Tenant Database Architecture," Computer Communication and Informatics (ICCCI), 2014 International Conference on, pp.1, 6, 3-5 Jan. 2014. doi: 10.1109/ICCCI.2014.6921774 Cloud computing falls into two general categories. Applications being delivered as service and hardware and data centers that provides those services [1]. Cloud storage evolves from just a storage model to a new service model where data is being managed, maintained, and stored in multiple remote servers for back-up reasons. Cloud platform server clusters are running in network environment and it may contain multiple users' data and the data may be scattered in different virtual data centers. In a multi-user shared cloud computing platform users are only logically isolated, but data of different users may be stored in same physical equipment. These equipments can be rapidly provisioned, implemented, scaled up or down and decommissioned. Current cloud providers do not provide the control or at least the knowledge over the provided resources to their customers. The data in cloud is encrypted during rest, transit and back-up in multi tenant storage. The encryption keys are managed per customer. There are different stages of data life cycle Create, Store, Use, Share, Archive and Destruct. The final stage is overlooked [2], which is the complex stage of data in cloud. Data retention assurance may be easier for the cloud provider to demonstrate while the data destruction is extremely difficult. When the SLA between the customer and the cloud provider ends, today in no way it is assured that the particular customers' data is completely destroyed or destructed from the cloud provider's storage. The proposed method identifies way to track individual customers' data and their encryption keys and provides solution to completely delete the data from the cloud provider's multi-tenant storage architecture. It also ensures deletion of data copies as there are always possibilities of more than one copy of data being maintained for back-up purposes. The data destruction proof shall also be provided to customer making sure that the owner's data is completely removed.
    Keywords: Cloud computing; Computer architecture; Computers; Encryption; Informatics; Public key; attribute based encryption; data retention; encryption; file policy (ID#:14-3278)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6921774&isnumber=6921705


Conference on Advanced Communication Technology - Korea


International Conferences: Conference on Advanced Communication Technology - Korea

The 2014 16th International Conference on Advanced Communication Technology (ICACT) was held 16-19 February 2014 in Phoenix Park, PyeongChang, Korea. Security topics include cryptography, using personal VPNs to preclude censorship, E-health privacy, smart grid, steganography, bots, LEACH protocols, obfuscation, IPSEC in IPv6, and grey hole attacks, among others.

  • Hyunho Kang; Hori, Y.; Katashita, T.; Hagiwara, M.; Iwamura, K., "Cryptographic Key Generation from PUF Data Using Efficient Fuzzy Extractors," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.23, 26, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778915 Physical unclonable functions (PUFs) and biometrics are inherently noisy. When used in practice as cryptographic key generators, they need to be combined with an extraction technique to derive reliable bit strings (i.e., cryptographic key). An approach based on an error correcting code was proposed by Dodis et al. and is known as a fuzzy extractor. However, this method appears to be difficult for non-specialists to implement. In our recent study, we reported the results of some example implementations using PUF data and presented a detailed implementation diagram. In this paper, we describe a more efficient implementation method by replacing the hash function output with the syndrome from the BCH code. The experimental results show that the Hamming distance between two keys varies according to the key size and information-theoretic security has been achieved.
    Keywords: Hamming codes; cryptography; error correction codes; fuzzy set theory; BCH code; Hamming distance; PUF data; biometrics; cryptographic key generation; efficient fuzzy extractors; error correcting code; information-theoretic security; physical unclonable functions; reliable bit strings; Cryptography; Data mining; Entropy; Hamming distance; High definition video; Indexes; Reliability; Arbiter PUF; Fuzzy Extractor; Physical Unclonable Functions (ID#:14-3279)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778915&isnumber=6778899
  • Yuzhi Wang; Ping Ji; Borui Ye; Pengjun Wang; Rong Luo; Huazhong Yang, "GoHop: Personal VPN to Defend From Censorship," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.27,33, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778916 Internet censorship threatens people's online privacy, and in recent years, new technologies such as high-speed Deep Packet Inspection (DPI) and statistical traffic analysis methods had been applied in country scale censorship and surveillance projects. Traditional encryption protocols cannot hide statistical flow properties and new censoring systems can easily detect and block them "in the dark". Recent work showed that traffic morphing and protocol obfuscation are effective ways to defend from statistical traffic analysis. In this paper, we proposed a novel traffic obfuscation protocol, where client and server communicate on random port. We implemented our idea as an open-source VPN tool named GoHop, and developed several obfuscation methods including pre-shared key encryption, traffic shaping and random port communication. Experiments have shown that GoHop can successfully bypass internet censoring systems, and can provide high-bandwidth network throughput.
    Keywords: Internet; cryptographic protocols; data protection; public domain software; statistical analysis; telecommunication traffic; transport protocols; DPI; GoHop; TCP protocol; bypass Internet censoring systems; country scale censorship; encryption protocols; high-bandwidth network throughput; high-speed deep packet inspection; open-source VPN tool; people online privacy; personal VPN; pre-shared key encryption; privacy protection; random port communication; statistical flow property; statistical traffic analysis methods; surveillance projects; traffic morphing; traffic obfuscation protocol method; traffic shaping; Cryptography; Internet; Ports (Computers); Protocols; Servers; Throughput; Virtual private networks; VPN; censorship circumvention; privacy protection; protocol obfuscation; random port; traffic morphing (ID#:14-3280)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778916&isnumber=6778899
  • Thiranant, N.; Sain, M.; Hoon Jae Lee, "A Design Of Security Framework For Data Privacy In E-Health System Using Web Service," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.40,43, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778918 E-Health is a common term used for electronic health, where the services and systems provided include electronic health records, prescriptions, consumer health information, healthcare information systems, and so on. In this period of time, several patients have started to use e-health, considering the convenience of services delivered and cost reduction. The popularity has abruptly been increasing due to a wide range of services. From the system administrator's perspectives, not only protecting privacy of patients is considered a difficult task, but also building trust of patients in e-health. In this paper, a design of security framework for data privacy in e-Health system based on web service architecture is proposed. It is interesting to note that the approach proposed in this paper is not limited to e-Health system.
    Keywords: Web services; data privacy; electronic health records; health care; software architecture; trusted computing; Web service architecture; consumer health information; cost reduction; data privacy; e-health system; electronic health records; healthcare information systems; patient privacy; security framework; system administrator perspective; Cloud computing; Data privacy; Databases; Encryption; Data Privacy; Data encryption; E-health; Privacy; Web service (ID#:14-3281)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778918&isnumber=6778899
  • Bruce, N.; Sain, M.; Hoon Jae Lee, "A Support Middleware Solution For E-Healthcare System Security," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.44, 47, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778919 This paper presents a middleware solution to secure data and network in the e-healthcare system. The e-Healthcare Systems are a primary concern due to the easiest deployment area accessibility of the sensor devices. Furthermore, they are often interacting closely in cooperation with the physical environment and the surrounding people, where such exposure increases security vulnerabilities in cases of improperly managed security of the information sharing among different healthcare organizations. Hence, healthcare-specific security standards such as authentication, data integrity, system security and internet security are used to ensure security and privacy of patients' information. This paper discusses security threats on e-Healthcare Systems where an attacker can access both data and network using masquerade attack. Moreover, an efficient and cost effective approach middleware solution is discussed for the delivery of secure services.
    Keywords: data privacy; health care; medical administrative data processing; middleware; security of data; Internet security; authentication; data integrity; e-health care system security; electronic health care; health care organizations; health care-specific security standards; information sharing; masquerade attack; patient information privacy; patient information security; security vulnerabilities; support middleware solution; system security; Authentication; Communication system security; Logic gates; Medical services; Middleware; Wireless sensor networks; Data Security; Middleware; Network Security; e-Healthcare (ID#:14-3282)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778919&isnumber=6778899
  • Feng Zhao; Guannan Wang; Chunyu Deng; Yue Zhao, "A Real-Time Intelligent Abnormity Diagnosis Platform In Electric Power System," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.83, 87, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778926 With the rapid development of smart grid, intelligent electric meters can be seen in most of the households, and the volume of electric energy data is in a rapid growth. This paper mainly aims at introducing an abnormity diagnosis platform in electric power system. It is used to distinguish the abnormal point according to the historical data and expert experience, and put forward some resolving scheme to ensure the high reliability and stability of power grid. In our approach, we use distributed technologies to process big electric energy data. Specifically, distributed file system (HDFS) and distributed database (HBase) are applied to data storage, and distributed computing technology (MapReduce) is applied to constructing knowledge base and computing. In the inference engine, we use Hidden Semi-Markov Model. This model can auto-get and modify knowledge in knowledge base, achieve a better real time phenomenon, through self-learning function and machine as well as interacting between human. The results show that this abnormity intelligent diagnoses platform is effective and faster.
    Keywords: Markov processes; distributed databases; expert systems; inference mechanisms; meters; power system analysis computing; power system measurement; unsupervised learning; HBase; HDFS; MapReduce; data storage; distributed computing technology; distributed database; distributed file system; electric energy data; electric power system; expert experience; hidden semiMarkov model; historical data; inference engine; intelligent electric meters; knowledge base; real time intelligent abnormity diagnosis platform; self learning function; smart grid; Data handling; Data storage systems; Engines; Expert systems; Information management; Power systems; Abnormity Intelligent Diagnosis; Distributed Computing; Distributed Storage; Hidden Markov Model (ID#:14-3283)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778926&isnumber=6778899
  • Diop, I.; Farss, S.M.; Tall, K.; Fall, P.A.; Diouf, M.L.; Diop, A.K., "Adaptive Steganography Scheme Based on LDPC Codes," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.162,166, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778941 Steganography is the art of secret communication. Since the advent of modern steganography, in the 2000s, many approaches based on the error correcting codes (Hamming, BCH, RS, STC ...) have been proposed to reduce the number of changes of the cover medium while inserting the maximum bits. The works of I. Diop et al. [1], inspired by those of T. Filler [2], have shown that the LDPC codes are good candidates in minimizing the impact of insertion. This work is a continuation of the use of LDPC codes in steganography. We propose in this paper a steganography scheme based on these codes inspired by the adaptive approach to the calculation of the map detectability. We evaluated the performance of our method by applying an algorithm for steganalysis.
    Keywords: parity check codes; steganography; LDPC codes; adaptive steganography scheme; error correcting codes; map detectability; secret communication; steganalysis; Complexity theory; Distortion measurement; Educational institutions; Histograms; PSNR; Parity check codes; Vectors; Adaptative steganography; complexity; detectability; steganalysis (ID#:14-3284)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778941&isnumber=6778899
  • Dotcenko, S.; Vladyko, A.; Letenko, I., "A Fuzzy Logic-Based Information Security Management For Software-Defined Networks," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.167,171, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778942 In terms of network security, software-defined networks (SDN) offer researchers unprecedented control over network infrastructure and define a single point of control over the data flows routing of all network infrastructure. OpenFlow protocol is an embodiment of the software-defined networking paradigm. OpenFlow network security applications can implement more complex logic processing flows than their permission or prohibition. Such applications can implement logic to provide complex quarantine procedures, or redirect malicious network flows for their special treatment. Security detection and intrusion prevention algorithms can be implemented as OpenFlow security applications, however, their implementation is often more concise and effective. In this paper we considered the algorithm of the information security management system based on soft computing, and implemented a prototype of the intrusion detection system (IDS) for software-defined network, which consists of statistic collection and processing module and decision-making module. These modules were implemented in the form of application for the Beacon controller in Java. Evaluation of the system was carried out on one of the main problems of network security - identification of hosts engaged in malicious network scanning. For evaluation of the modules work we used mininet environment, which provides rapid prototyping for OpenFlow network. The proposed algorithm combined with the decision making based on fuzzy rules has shown better results than the security algorithms used separately. In addition the number of code lines decreased by 20-30%, as well as the opportunity to easily integrate the various external modules and libraries, thus greatly simplifies the implementation of the algorithms and decision-making system.
    Keywords: decision making; fuzzy logic; protocols; security of data; software radio; telecommunication control; telecommunication network management; telecommunication network routing; telecommunication security; Java; OpenFlow protocol; beacon controller; data flows routing; decision making; decision-making module; fuzzy logic-based information security management; intrusion detection system; intrusion prevention algorithms; logic processing flows; malicious network flows; malicious network scanning; mininet environment; network infrastructure; network security; processing module; security detection; soft computing; software-defined networks; statistic collection; Decision making; Information security; Software algorithms; Switches; Training; Fuzzy Logic; Information security; OpenFlow; Port scan; Software-Defined Networks (ID#:14-3285)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778942&isnumber=6778899
  • Buinevich, M.; Izrailov, K., "Method and Utility For Recovering Code Algorithms Of Telecommunication Devices For Vulnerability Search," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.172,176, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778943 The article describes a method for searching vulnerabilities in machine code based on the analysis of its algorithmized representation obtained with the help of a utility being a part of the method. Vulnerability search falls within the field of telecommunication devices. Phase-by-phase description of the method is discussed, as well as the software architecture of the utility and their limitations in terms of application and preliminary effectiveness estimate results. A forecast is given as to developing the method and the utility in the near future.
    Keywords: assembly language; binary codes; reverse engineering; security of data; algorithmized representation; code recovery algorithm; machine code; phase-by-phase description; software architecture; telecommunication devices; vulnerability search; Algorithm design and analysis; Assembly; Communications technology; Educational institutions; Information security; Software; Software algorithms; binary codes; information security; program language extension; reverse engineering and decompilation; telecommunications (ID#:14-3286)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778943&isnumber=6778899
  • Rahman, A.F.A.; Ahmad, R.; Ramli, S.N., "Forensics Readiness For Wireless Body Area Network (WBAN) System," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.177,180, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778944 Wireless Body Area Network (WBAN) is a wireless network that can be attached or implanted onto the human body by using wireless sensor. Since WBAN developed for medical devices, the system should be designed for a wide range of end user with different professional skill groups. This requires WBAN system to be open, accurate and efficient. As from our previous experience, any open system is vulnerable, similar to any other current available wireless systems such as Wireless Local Area Network (WLAN). However, currently there were not many discussions on the WBAN security vulnerability and security threats and if there is any, the issues were discussed through theoretical, concept and simulation data. In this paper, we discuss potential WBAN security vulnerability and threats using Practical Impact Assessment (PIA) conducted in real environment so that we are able to identify the problem area in details and develop potential solutions to produce a forensics readiness secure network architecture for WBAN system.
    Keywords: body area networks; body sensor networks; digital forensics; telecommunication security; wireless sensor networks; PIA; WBAN security vulnerability; WBAN system; WLAN; forensics readiness secure network architecture; human body; medical devices; practical impact assessment; wireless body area network; wireless local area network; wireless sensor network; Body area networks; Communication system security; Forensics; Hospitals; Security; Wireless communication; Wireless sensor networks; Forensics Readiness; Information Security; Practical Impact Assessment; Secure Network Architecture; Wireless Body Area Network (WBAN) (ID#:14-3287)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778944&isnumber=6778899
  • Ayalneh, D.A.; Hyoung Joong Kim; Yong Soo Choi, "JPEG Copy Paste Forgery Detection Using BAG Optimized For Complex Images," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.181,185, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778945 Image forgery detection is one of important activities of digital forensics. Forging an image has become very easy and visually confusing with the real one. Different features of an image can be used in passive forgery detection. Most of lossy compression methods demonstrate some distinct characteristics. JPEG images have a traceable zero valued DCT coefficients in the high frequency regions due to quantization. This appears as a square grid all over the image, known as Block Artifact Grid (BAG). In this paper the BAG based copy-paste forgery detection method is improved by changing the input DCT coefficients for Local Effect computation. The proposed method has shown a better performance especially for complex images.
    Keywords: data compression; digital forensics; discrete cosine transforms; image coding; quantisation (signal); BAG; JPEG copy paste forgery detection; block artifact grid; digital forensics; image forgery detection; image forging; local effect computation; lossy compression methods; passive forgery detection; quantization; traceable zero valued DCT coefficients; Discrete cosine transforms; Educational institutions; Forgery; Image coding; Multimedia communication; Quantization (signal); Transform coding; Block Artifact Grid; Copy-paste forgery; JPEG; Local Effect (ID#:14-3288)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778945&isnumber=6778899
  • Tripathi, G.; Singh, D.; Hoon-Jae Lee, "Content Centric Battlefield Visualization Mechanism And Solutions," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.202,207, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778949 We are designing a content centric battlefield architecture model to support Soldiers/Army, which are going to visualise and analysis of the Input receive raw data at data mining station. Previously, we had limited traffic in Battlefield networks and small number of known private servers with their contents and security concerns. The users of secured server interacted with limited number of servers which were known in advance. Today, the Battlefield networking, surveillance traffic, content servers and hybrid information have increased dynamically. The present Battlefield architecture is handling only data streams of bits between-end-to-end system for content of Battlefield services and its objects. The modern battlefield techniques and architecture is constantly evolving. Therefore, we need more resources to effectively visualize the pattern of the battlefield objects and situations. This paper presents a novel architecture model for interaction between battlefield entities based on content model for search. Where the basic object of battlefield is use as content irrespective of its location to be used for higher interaction between entities.
    Keywords: data mining; military communication; military computing; surveillance; army; battlefield networking; battlefield networks; battlefield services; content centric battlefield architecture model; content centric battlefield visualization mechanism; content model; content servers; data mining station; data streams; end-to-end system; hybrid information; private servers; security concerns; soldiers; surveillance traffic; Computer architecture; Media; Security; Servers; Streaming media; Visualization; Weapons; Battlefield monitoring; Battlefield networks; Intelligent system; Soldiers Applications (ID#:14-3289)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778949&isnumber=6778899
  • Wei Wan; Jun Li, "Investigation of state division in botnet detection model," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.265, 268, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778961 Botnet as a new technology of attacks is a serious threat to Internet security. With the rapid development of the botnet, botnet based several protocols came into being. In accordance with the feature of botnet, the Hidden Markov Model has application in botnet detection. Firstly, according to the situation and problems of the botnet recently, the life cycle and behaviour characteristics of the botnet have been analysed. After that a mathematical model based on state division has been built to describe the botnet. Meanwhile, a method of botnet detection based on this model has been proposed. Finally, we analyzed and summarized the experimental results, and verified the reliability and rationality of the detection method.
    Keywords: Internet; hidden Markov models; security of data; Internet security; botnet based protocols; botnet behaviour characteristics; botnet detection model; botnet life cycle; hidden Markov model; state division; Automata; Centralized control; Computer crime; Hidden Markov models; Monitoring; Protocols; Botnet; Hidden Markov Model; State Division (ID#:14-3290)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778961&isnumber=6778899
  • Sung-Hwan Ahn; Nam-Uk Kim; Tai-Myoung Chung, "Big Data Analysis System Concept For Detecting Unknown Attacks," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.269,272, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778962 Recently, threat of previously unknown cyber-attacks are increasing because existing security systems are not able to detect them. Past cyber-attacks had simple purposes of leaking personal information by attacking the PC or destroying the system. However, the goal of recent hacking attacks has changed from leaking information and destruction of services to attacking large-scale systems such as critical infrastructures and state agencies. In other words, existing defence technologies to counter these attacks are based on pattern matching methods which are very limited. Because of this fact, in the event of new and previously unknown attacks, detection rate becomes very low and false negative increases. To defend against these unknown attacks, which cannot be detected with existing technology, we propose a new model based on big data analysis techniques that can extract information from a variety of sources to detect future attacks. We expect our model to be the basis of the future Advanced Persistent Threat (APT) detection and prevention system implementations.
    Keywords: Big Data; computer crime; data mining; APT detection; Big Data analysis system; Big Data analysis techniques; advanced persistent threat detection; computer crime; critical infrastructures; cyber-attacks; data mining; defence technologies; detection rate; future attack detection; hacking attacks; information extraction; large-scale system attacks; pattern matching methods; personal information leakage; prevention system; security systems; service destruction; state agencies; unknown attack detection; Data handling; Data mining; Data models; Data storage systems; Information management; Monitoring; Security; Alarm systems; Computer crime; Data mining; Intrusion detection (ID#:14-3291)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778962&isnumber=6778899
  • Jiajia Wang; Jingchao Chen; Hexiang Duan; Hongbo Ba; Jianjun Wu, "Jammer Selection For Secure Two-Way DF Relay Communications With Imperfect CSI," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.300, 303, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778969 This paper investigates jammer selection in a two-way decode-and-forward (DF) relay network with imperfect channel state information (CSI). The proposed scheme enables a selection of one conventional relay and two jamming nodes to enhance communication security against eavesdropper. The conventional relay assists two sources to exchange their data via a DF protocol. The two jamming nodes are used to create interference signals to confuse the eavesdropper. Furthermore, the asymptotic performance of proposed scheme is analyzed in detail. Under the assumption that the relay can decode received signals perfectly and when the jamming power is higher than that of source nodes, we find that the proposed scheme has a high secrecy performance which is almost independent of the position of the eavesdropper.
    Keywords: decode and forward communication; protocols; relay networks (telecommunication); telecommunication security; CSI; channel state information; communication security; decode-and-forward protocol; jammer selection; jamming nodes; secure two-way decode-and-forward relay communications; source nodes; Educational institutions; Jamming; Peer-to-peer computing; Relays; Security; Signal to noise ratio; Wireless communication; DF relay; Jammer selection; imperfect CSI; physical layer security; two-way (ID#:14-3292)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778969&isnumber=6778899
  • Rahayu, T.M.; Sang-Gon Lee; Hoon-Jae Lee, "Survey on LEACH-based Security Protocols," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp. 304, 309, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778970 Energy efficiency is one of the major concerns in designing protocols for WSNs. One of the energy-efficient communication protocols for this network is LEACH that works on cluster-based homogeneous WSNs. Though LEACH is energy-efficient but it does not take security into account. Because WSNs are usually deployed in remote and hostile areas, security becomes a concern in designing a protocol. In this paper we present our security analysis of five security protocols that have been proposed to strengthen LEACH protocols. Those protocols are SLEACH, SecLEACH, SC-LEACH, Armor LEACH and MS-LEACH.
    Keywords: cryptographic protocols; pattern clustering; power aware computing; telecommunication power management; telecommunication security; wireless sensor networks; Armor LEACH protocols; LEACH-based security protocols; MS-LEACH protocols; SC-LEACH protocols; SLEACH protocols; SecLEACH protocols; cluster-based homogeneous WSN; energy-efficient communication protocols; hostile areas; remote areas; security analysis; wireless sensor network; Authentication; Protocols; radiation detectors; Schedules; Steady-state; Wireless sensor networks; Armor-LEACH; LEACH; MS-LEACH; SC-LEACH; SLEACH; SecLEACH; Security analysis; WSN (ID#:14-3293)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778970&isnumber=6778899
  • Dong-Ho Kang; Byoung-Koo Kim; Jung-Chan Na, "Cyber Threats And Defence Approaches in SCADA Systems," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.324,327, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778974 The use of SCADA systems has been increased since the 1960s as a need arose to more efficiently monitor and control the status of remote equipment. And they are becoming more and more susceptible to cyber-attacks due to utilize standard protocols and increase connectivity. The objective of this paper is to introduce our on-going work and discuss challenges and opportunities for preventing network and application protocol attacks on SCADA systems.
    Keywords: SCADA systems; computer network security; protocols; SCADA systems; application protocol attacks; cyber threats; cyber-attacks; defence approaches; remote equipment; Filtering; IP networks; Intrusion detection; Protocols; SCADA systems; Servers; Cyber-attacks; ICS Security; Industrial Firewall; Network Security; SCADA (ID#:14-3294)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778974&isnumber=6778899
  • Wei Ding; ZhiMin Gu; Feng Gao, "Reconstruction of Data Type In Obfuscated Binary Programs," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.393,396, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778988 Recently, research community has advanced in type reconstruction technology for reverse engineering, but emerging with obfuscate technology, data type reconstruction is difficult and obfuscated code is easier to be monitored and analyzed by attacker or hacker. Therefore, we present a novel approach for automatic establish data type inference rules and reconstruct type from obfuscated binary programs using machine learning algorithm.
    Keywords: computer crime; inference mechanisms; learning (artificial intelligence); reverse engineering; system monitoring; systems analysis; data type inference rules; data type reconstruction; hacker; machine learning algorithm; obfuscated binary programs; obfuscated code analysis; obfuscated code monitoring; reverse engineering; Arrays; Binary codes; Decision trees; Educational institutions; Machine learning algorithms; Reverse engineering; Deobfuscation; Disassembly; Inference Rules; Obfuscated Binary; Type reconstruction (ID#:14-3295)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778988&isnumber=6778899
  • Ji-Soo Oh; Min-Woo Park; Tai-Myoung Chung, "The Solution Of Denial Of Service Attack On Ordered Broadcast Intent," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.397,400, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778989 The Android's message passing system provides late run-time binding between components in the same or different applications, and it promotes inter-application collaboration. However, the message passing mechanism has also numerous vulnerabilities, so that Android applications can be exposed to attacks from malicious applications. Denial of service (DoS) attack on ordered broadcasts is a typical attack that exploits vulnerabilities of message passing. A malicious application which launches the attack intercepts broadcast messages by setting itself high priority, and then aborts it to prevent other benign applications from receiving it. In this paper, we propose a security framework for detecting DoS attacks on ordered broadcasts. We insert our framework into Android platform, and then the framework inspects receivers of broadcast messages. If the framework detects any threats, it issues warning to user. Finally, we provides scenario about our framework and discuss future directions.
    Keywords: Android (operating system); message passing; smart phones; telecommunication security; Android platform; DoS attack; denial of service attack; malicious application; message passing system; ordered broadcast Intent; run-time binding; security framework; Androids; Computer crime; Humanoid robots; Message passing; Receivers; Smart phones; Android; Denial of Service Attack; Intent; Mobile Phone Security; Ordered Broadcast (ID#:14-3296)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778989&isnumber=6778899
  • Dongxiang Fang; Peifeng Zeng; Weiqin Yang, "Attacking the IPsec Standards When Applied To IPv6 In Confidentiality-Only ESP Tunnel Mode," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.401, 405, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778990 Attacks which can break RFC-compliant IPsec implementation built on IPv6 in confidentiality-only ESP tunnel mode are proposed. The attacks combine the thought of IV attack, oracle attack and spoof attack to decrypt an encrypted IPv6 datagram. The attacks here are more efficient than the attacks presented by Paterson and Degabriele because no checksum issue has to be handled. The paper shows that using IPsec with confidentiality-only ESP configuration is insecure to convince users to select it carefully.
    Keywords: IP networks; cryptography; protocols; telecommunication security; Degabriele; IPsec standards; IV attack; Paterson; RFC compliant IPsec implementation; confidentiality only ESP tunnel mode; decrypt; encapsulating security payload; encrypted IPv6 datagram; initialization vector; oracle attack; spoof attack; Educational institutions; Encryption; IP networks; Payloads; Protocols; ESP; IPsec; IPv6; Security; confidentiality-only (ID#:14-3297)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778990&isnumber=6778899
  • Shuai Li; Peng Gong; Qian Yang; Xiao Peng Yan; Jiejun Kong; Ping Li, "A Secure Handshake Scheme With Pre-Negotiation For Mobile-Hierarchy City Intelligent Transportation System Under Semi-Honest Model," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.406,409, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778991 Mobile-hierarchy architecture was widely adopted for query a deployed wireless sensor network in an intelligent transportation system recently. Secure handshake among mobile node and ordinary nodes becomes an important part of an intelligent transportation system. For dividing virtual communication area, pre-negotiation should be conducted between mobile node and ordinary node before formal handshake. Pre-negotiation among nodes can increase the odds for a successful handshake. The mobile node negotiates with an ordinary sensor node over an insecure communication channel by private set intersection. As an important handshake factor, Attribute set is negotiated privately among them in local side. In this paper, a secure handshake scheme with pre-negotiation for mobile-hierarchy city intelligent transportation system under semi-honest model is proposed.
    Keywords: intelligent transportation systems; wireless sensor networks; mobile node; mobile-hierarchy architecture; mobile-hierarchy city intelligent transportation system; prenegotiation; secure handshake scheme; semi-honest model; virtual communication area; wireless sensor network; Computational modeling; Cryptography; Educational institutions; Intelligent transportation systems; Polynomials; Protocols; Wireless communication; Attribute Encryption; Attribute-based handshake; Intelligent transportation system; Private set intersection; Wireless sensor network (ID#:14-3298)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778991&isnumber=6778899
  • Heechang Chung; Sok Pal Cho; Yongseon Jang, "Standardizations on IT Risk Analysis Service in NGN," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.410,413, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778992 Information technology (IT) risk analysis service is a service which is capable of identifying risk, assessing the risk, and then invoking process which can identify the proper actions which should be taken to reduce damage that could affect users or organizations subscribed to an Network. Provided that a risk situation exists, the risk analysis function performs the analysis and assessment of the risk event data with an algorithm which applies the most recent pattern according to procedures, and reports the analysis results and the proper complementary measures which, if invoked, will reduce risk.
    Keywords: data analysis; next generation networks; risk analysis; telecommunication network reliability; IT risk analysis service; NGN; information technology risk analysis service; risk event data analysis; risk event data assessment; risk identification; risk reduction; Educational institutions; Hardware; Next generation networking; Organizations; Risk analysis; Software; Standardization; IT risk analysis; Identifying risk; assessing risk; external risk; internal risk; mitigation risk (ID#:14-3299)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778992&isnumber=6778899
  • Soo Young Moon; Ji Won Kim; Tae Ho Cho, "An Energy-Efficient Routing Method With Intrusion Detection And Prevention For Wireless Sensor Networks," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.467,470, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6779004 Because of the features such as limited resources, wireless communication and harsh environments, wireless sensor networks (WSNs) are prone to various security attacks. Therefore, we need intrusion detection and prevention methods in WSNs. When the two types of schemes are applied, heavy communication overhead and resulting excessive energy consumption of nodes occur. For this reason, we propose an energy efficient routing method in an environment where both intrusion detection and prevention schemes are used in WSNs. We confirmed through experiments that the proposed scheme reduces the communication overhead and energy consumption compared to existing schemes.
    Keywords: security of data; telecommunication network routing; wireless sensor networks; energy-efficient routing method; excessive energy consumption; heavy communication overhead; intrusion detection scheme; intrusion prevention scheme; security attacks; wireless communication; wireless sensor networks; Energy consumption; Intrusion detection; Network topology; Routing; Sensors; Topology; Wireless sensor networks; intrusion detection; intrusion prevention; network layer attacks; wireless sensor networks (ID#:14-3300)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6779004&isnumber=6778899
  • Rahayu, T.M.; Sang-Gon Lee; Hoon-Jae Lee, "Security Analysis Of Secure Data Aggregation Protocols In Wireless Sensor Networks," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.471,474, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6779005 In order to conserve wireless sensor network (WSN) lifetime, data aggregation is applied. Some researchers consider the importance of security and propose secure data aggregation protocols. The essential of those secure approaches is to make sure that the aggregators aggregate the data in appropriate and secure way. In this paper we give the description of ESPDA (Energy-efficient and Secure Pattern-based Data Aggregation) and SRDA (Secure Reference-Based Data Aggregation) protocol that work on cluster-based WSN and the deep security analysis that are different from the previously presented one.
    Keywords: protocols; telecommunication security; wireless sensor networks; ESPDA protocol; SRDA protocol; WSN lifetime; cluster-based WSN; deep security analysis; energy-efficient and secure pattern-based data aggregation protocol; secure reference-based data aggregation protocol; wireless sensor network lifetime; Authentication; Cryptography; Energy efficiency; Peer-to-peer computing; Protocols; Wireless sensor networks; Data aggregation protocol; ESPDA; SRDA; WSN; secure data aggregation protocol (ID#:14-3301)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6779005&isnumber=6778899
  • Feng Zhao; Chao Li; Chun Feng Liu, "A Cloud Computing Security Solution Based On Fully Homomorphic Encryption," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.485, 488, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6779008 With the rapid development of Cloud computing, more and more users deposit their data and application on the cloud. But the development of Cloud computing is hindered by many Cloud security problem. Cloud computing has many characteristics, e.g. multi-user, virtualization, scalability and so on. Because of these new characteristics, traditional security technologies can't make Cloud computing fully safe. Therefore, Cloud computing security becomes the current research focus and is also this paper's research direction[1]. In order to solve the problem of data security in cloud computing system, by introducing fully homomorphism encryption algorithm in the cloud computing data security, a new kind of data security solution to the insecurity of the cloud computing is proposed and the scenarios of this application is hereafter constructed. This new security solution is fully fit for the processing and retrieval of the encrypted data, and effectively leading to the broad applicable prospect, the security of data transmission and the storage of the cloud computing.
    Keywords: cloud computing; cryptography; cloud computing security solution; cloud security problem; data security solution; data storage; data transmission; encrypted data processing; encrypted data retrieval; fully homomorphic encryption algorithm; security technologies; Cloud computing; Encryption; Safety; Cloud security; Cloud service; Distributed implementation; Fully homomorphic encryption (ID#:14-3302)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6779008&isnumber=6778899
  • Xin Wu, "Secure Browser Architecture Based On Hardware Virtualization," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.489, 495, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6779009 Ensuring the entire code base of a browser to deal with the security concerns of integrity and confidentiality is a daunting task. The basic method is to split it into different components and place each of them in its own protection domain. OS processes are the prevalent isolation mechanism to implement the protection domain, which result in expensive context-switching overheads produced by Inter-Process Communication (IPC). Besides, the dependences of multiple web instance processes on a single set of privileged ones reduce the entire concurrency. In this paper, we present a secure browser architecture design based on processor virtualization technique. First, we divide the browser code base into privileged components and constrained components which consist of distrusted web page renderer components and plugins. All constrained components are in the form of shared object (SO) libraries. Second, we create an isolated execution environment for each distrusted shared object library using the hardware virtualization support available in modern Intel and AMD processors. Different from the current researches, we design a custom kernel module to gain the hardware virtualization capabilities. Third, to enhance the entire security of browser, we implement a validation mechanism to check the OS resources access from distrusted web page renderer to the privileged components. Our validation rules is similar with Google chrome. By utilizing VMENTER and VMEXIT which are both CPU instructions, our approach can gain a better system performance substantially.
    Keywords: microprocessor chips; online front-ends; operating systems (computers); security of data; software libraries; virtualisation; AMD processors; CPU instructions; Google chrome; IPC; Intel processors; OS processes; OS resource checking; SO libraries; VMENTER; VMEXIT; browser security; context-switching overheads; distrusted Web page renderer components; distrusted shared object library; hardware virtualization capabilities; interprocess communication; isolated execution environment; isolation mechanism; multiple Web instance processes; processor virtualization technique; secure browser architecture design; validation mechanism; Browsers; Google; Hardware; Monitoring; Security; Virtualization; Web pages; Browser security; Component isolation; Hardware virtualization; System call interposition (ID#:14-3304)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6779009&isnumber=6778899
  • Xiao Chun Yin; Zeng Guang Liu; Hoon Jae Lee, "An Efficient And Secured Data Storage Scheme In Cloud Computing Using ECC-based PKI," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.523,527, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6779015 Cloud computing is set of resources and services offered through the Internet. Cloud services are delivered from data centres located throughout the world. Cloud computing facilitates its consumers by providing virtual resources via internet. The rapid growth in field of "cloud computing" also increases severe security concerns. Security has remained a constant issue for Open Systems and internet, when we are talking about security, cloud really suffers. Lack of security is the only hurdle in wide adoption of cloud computing. Cloud computing is surrounded by many security issues like securing data and examining the utilization of cloud by the cloud computing vendors. This paper proposes a scheme to securely store and access of data via internet. We have used ECC based PKI for certificate procedure because the use of ECC significantly reduces the computation cost, message size and transmission overhead over RSA based PKI as 160-bit key size in ECC provides comparable security with 1024-bit key in RSA. We have designed Secured Cloud Storage Framework (SCSF). In this framework, users not only can securely store and access data in cloud but also can share data with multiple users through the unsecure internet in a secured way. This scheme can ensure the security and privacy of the data in the cloud.
    Keywords: cloud computing; computer centres; data privacy; open systems; public key cryptography; security of data; storage management; ECC-based PKI; RSA based PKI; SCSF; certificate procedure; cloud computing; cloud services; computation cost; data centres; data privacy; data security; message size; open systems; secured cloud storage framework; secured data storage scheme; security concern; transmission overhead; unsecure Internet; virtual resources; Cloud computing; Educational institutions; Elliptic curve cryptography; Elliptic curves; Certificate; Cloud computing; Cloud storage; ECC; PKI (ID#:14-3305)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6779015&isnumber=6778899
  • Maksuanpan, S.; Veerawadtanapong, T.; San-Um, W., "Robust Digital Image Cryptosystem Based On Nonlinear Dynamics Of Compound Sine And Cosine Chaotic Maps For Private Data Protection," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.418,425, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6779201 This paper presents a digital image cryptosystem based on nonlinear dynamics of a compound sine and cosine chaotic map. The compound sine and cosine chaotic map is proposed for high-degree of chaos over most regions of parameter spaces in order to increase high-entropy random-bit sources. Image diffusion is performed through pixel shuffling and bit-plane separations prior to XOR operations in order to achieve a fast encryption process. Security key conversions from ASCII code to floating number for use as initial conditions and control parameters are also presented in order to enhance key-space and key-sensitivity performances. Experiments have been performed in MATLAB using standard color images. Nonlinear dynamics of the chaotic maps were initially investigated in terms of Cobweb map, chaotic attractor, Lyapunov exponent spectrum, bifurcation diagram, and 2-dimensional parameter spaces. Encryption qualitative performances are evaluated through pixel density histograms, 2-dimensional power spectral density, key space analysis, key sensitivity, vertical, horizontal, and diagonal correlation plots. Encryption quantitative performances are evaluated through correlation coefficients, NPCR and UACI. Demonstrations of wrong-key decrypted image are also included.
    Keywords: chaos; cryptography; data privacy; image colour analysis; 2-dimensional parameter space; 2-dimensional power spectral density; ASCII code; Cobweb map; Lyapunov exponent spectrum; NPCR; UACI; XOR operation; bifurcation diagram; bit-plane separations; chaotic attractor; color images; compound cosine chaotic map; compound sine chaotic map; control parameter; correlation coefficient; diagonal correlation plot; encryption process; encryption qualitative performance; encryption quantitative performance; high-entropy random-bit source; horizontal correlation plot; image diffusion; key sensitivity; key space analysis; key-sensitivity performance; key-space performance; nonlinear dynamics; pixel density histograms; pixel shuffling; private data protection; robust digital image cryptosystem; security key conversions; vertical correlation plot; wrong-key decrypted image; Chaotic communication; Compounds; Encryption; Histograms; Chaotic Map; Cryptosystem; Decryption; Digital Image Processing; Encryption; Nonlinear Dynamics (ID#:14-3306)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6779201&isnumber=6778899
  • Bo Yang; Yamamoto, R.; Tanaka, Y., "Dempster-Shafer Evidence Theory Based Trust Management Strategy Against Cooperative Black Hole Attacks And Gray Hole Attacks in MANETs," Advanced Communication Technology (ICACT), 2014 16th International Conference on, pp.223,232, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6779177 The MANETs have been experiencing exponential growth in the past decade. However, their vulnerability to various attacks makes the security problem extremely prominent. The main reasons are its distributed, self-organized and infrastructure independent natures. As concerning these problems, trust management scheme is a common way to detect and isolate the compromised nodes when a cryptography mechanism shows a failure facing inner attacks. Among huge numbers of attacks, black hole attack may collapse the network by depriving the route of the normal communication. The conventional proposed method achieved good performance facing black hole attack, while failing to detect gray hole attacks. In this paper, a Dempster-Shafer (D-S) evidence based trust management strategy is proposed to conquer not only cooperative black hole attack but also gray hole attack. In the proposed method, a neighbour observing model based on watchdog mechanism is used to detect single black hole attack by focusing on the direct trust value (DTV). Historical evidence is also taken into consideration to go against gray hole attacks. Then, a neighbour recommendation model companied with indirect trust value (ITV) is used to figure out the cooperative black hole attack. D-S evidence theory is implemented to combine ITVs from different neighbours. Some of the neighbour nodes may declare a false ITV, which effect can also be diminished through the proposed method. The simulation is firstly conducted in the Matlab to evaluate the performance of the algorithm. Then the security routing protocol is implemented in the GloMoSim to evaluate the effectiveness of the strategy. Both of them show good results and demonstrate the advantages of proposed method by punishing malicious actions to prevent the camouflage and deception in the attacks.
    Keywords: cryptography; inference mechanisms; mobile ad hoc networks; telecommunication network management; telecommunication security; Dempster-Shafer evidence theory; GloMoSim; MANET; Matlab; cooperative black hole attacks; cryptography mechanism; gray hole attacks; indirect trust value; neighbour observing model; trust management strategy; watchdog mechanism; Ad hoc networks; Digital TV; Educational institutions; Mobile computing; Routing protocols; Security; Black hole attack; Dempster-Shafer evidence; Direct trust value; Gray hole attack; Indirect trust value; MANETs; Trust management (ID#:14-3307)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6779177&isnumber=6778899


International Conferences on Service Oriented System Engineering, 2014, Oxford, U.K.

The 2014 IEEE 8th International Symposium on Service Oriented System Engineering (SOSE) was held 7-11 April 2014 at Oxford, England. Twenty-two security-related presentations were made and are cited here.

  • Hamadache, K.; Zerva, P., "Provenance of Feedback in Cloud Services," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp. 23, 34, 7-11 April 2014. doi: 10.1109/SOSE.2014.10 With the fast adoption of Services Computing, even more driven by the emergence of the Cloud, the need to ensure accountability for quality of service (QoS) for service-based systems/services has reached a critical level. This need has triggered numerous researches in the fields of trust, reputation and provenance. Most of the researches on trust and reputation have focused on their evaluation or computation. In case of provenance they have tried to track down how the service has processed and produced data during its execution. If some of them have investigated credibility models and mechanisms, only few have looked into the way reputation information is produced. In this paper we propose an innovative design for the evaluation of feedback authenticity and credibility by considering the feedback's provenance. This innovative consideration brings up a new level of security and trust in Services Computing, by fighting against malicious feedback and reducing the impact of irrelevant one.
    Keywords: cloud computing; trusted computing; QoS; cloud services; credibility models; feedback authenticity; feedback credibility; feedback provenance; innovative design; malicious feedback; quality of service; reputation information; security; service-based systems/services; services computing; trust; Context; Hospitals; Monitoring; Ontologies; Quality of service; Reliability; Schedules; cloud computing; credibility; feedback; provenance; reputation (ID#:14-3308)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6825960&isnumber=6825948
  • Wei-Tek Tsai; Peide Zhong, "Multi-tenancy and Sub-tenancy Architecture in Software-as-a-Service (SaaS)," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.128,139, 7-11 April 2014. doi: 10.1109/SOSE.2014.20 Multi-tenancy architecture (MTA) is often used in Software-as-a-Service (SaaS) and the central idea is that multiple tenant applications can be developed using components stored in the SaaS infrastructure. Recently, MTA has been extended where a tenant application can have its own sub-tenants as the tenant application acts like a SaaS infrastructure. In other words, MTA is extended to STA (Sub-Tenancy Architecture). In STA, each tenant application not only needs to develop its own functionalities, but also needs to prepare an infrastructure to allow its sub-tenants to develop customized applications. This paper formulates eight models for STA, and discusses their trade-offs including their formal notations and application scenarios.
    Keywords: cloud computing; software architecture; MTA; STA; SaaS infrastructure; Software-as-a-Service; multitenancy architecture; subtenancy architecture; tenant applications; Computer architecture; Data models; Databases; Organizations; Scalability; Security; Software as a service; Multi-Tenancy Architecture; SaaS; Sub-Tenancy Architecture (ID#:14-3309)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830895&isnumber=6825948
  • Yuan-Hsin Tung; Chen-Chiu Lin; Hwai-Ling Shan, "Test as a Service: A Framework for Web Security TaaS Service in Cloud Environment," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp. 212, 217, 7-11 April 2014. doi: 10.1109/SOSE.2014.36 As its name suggests, cloud testing is a form of software testing which uses cloud infrastructure. Its effective unlimited storage, quick availability of the infrastructure with scalability, flexibility and availability of distributed testing environment translate to reducing the execution time of testing of large applications and hence lead to cost-effective solutions. In cloud testing, Testing-as-a-Service (TaaS) is a new model to effectively provide testing capabilities and on-demand testing to end users. There are many studies and solutions to support TaaS service. And security testing is the most suitable form for TaaS service. To leverage the features of TaaS, we propose a framework of TaaS for security testing. We implement the prototype system, Security TaaS (abbrev. S-TaaS) based on our proposed framework. The experiments are conducted to evaluate the performance of our framework and prototype system. The experiment results indicate that our prototype system can provide quality and stable service.
    Keywords: cloud computing; program testing; security of data; TaaS service; Web security; cloud environment; cloud infrastructure; cloud testing; distributed testing environment; on-demand testing; software testing; testing capabilities; testing-as-a-service; Cloud computing; Computational modeling; Monitoring; Prototypes; Security; Software testing; TaaS; Test as a Service; cloud computing; security test; vulnerability detection; web vulnerability (ID#:14-3310)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830908&isnumber=6825948
  • Yan Ding; Huaimin Wang; Songzheng Chen; Xiaodong Tang; Hongyi Fu; Peichang Shi, "PIIM: Method of Identifying Malicious Workers in the MapReduce System with an Open Environment," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp. 326, 331, 7-11 April 2014. doi: 10.1109/SOSE.2014.47 MapReduce is widely utilized as a typical computation model of mass data processing. When a MapReduce framework is deployed in an open computation environment, the trustworthiness of the participant workers becomes an important issue because of security threats and the motivation of subjective cheating. Current integrity protection mechanisms are based on replication techniques and use redundant computation to process the same task. However, these solutions require a large amount of computation resource and lack scalability. A probe injection-based identification of malicious worker (PIIM) method is explored in this study. The method randomly injects the probes, whose results are previously known, into the input data and detects malicious workers by analyzing the processed results of the probes. A method of obtaining the set of workers involved in the computation of each probe is proposed by analyzing the shuffle phase in the MapReduce programming model. An EnginTrust-based reputation mechanism that employs information on probe execution is then designed to evaluate the trustworthiness of all the workers and detect the malicious ones. The proposed method operates at the application level and requires no modification to the MapReduce framework. Simulation experiments indicate that the proposed method is effective in detecting malicious workers in large-scale computations. In a system with 100 workers wherein 20 of them are malicious, a detection rate of above 97% can be achieved with only 500 randomly injected probes.
    Keywords: administrative data processing; invasive software; parallel programming; EnginTrust-based reputation mechanism; MapReduce programming model; MapReduce system; PIIM method; malicious worker identification; mass data processing; open computation environment; probe injection-based identification of malicious worker; security threats; subjective cheating; Computational modeling; Data models; Data processing; Estimation; Probes; Programming; Security; MapReduce; mass data processing; open system; probe injection; reputation; worker trustworthiness (ID#:14-3311)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830925&isnumber=6825948
  • Hu Ge; Li Ting; Dong Hang; Yu Hewei; Zhang Miao, "Malicious Code Detection for Android Using Instruction Signatures," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp. 332, 337, 7-11 April 2014. doi: 10.1109/SOSE.2014.48 This paper provides an overview of the current static analysis technology of Android malicious code, and a detailed analysis of the format of APK which is the application name of Android platform executable file (dex). From the perspective of binary sequence, Dalvik VM file is syncopated in method, and these test samples are analyzed by automated DEX file parsing tools and Levenshtein distance algorithm, which can detect the malicious Android applications that contain the same signatures effectively. Proved by a large number of samples, this static detection system that is based on signature sequences can not only detect malicious code quickly, but also has a very low rate of false positives and false negatives.
    Keywords: Android (operating system); digital signatures; program compilers; program diagnostics; APK format; Android malicious code detection; Android platform executable file; Dalvik VM file; Levenshtein distance algorithm; automated DEX file parsing tools; binary sequence; instruction signatures; malicious Android applications detection; signature sequences; static analysis technology; static detection system; Libraries; Malware; Mobile communication; Smart phones; Software; Testing; Android; DEX; Static Analysis; malicious code (ID#:14-3312)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830926&isnumber=6825948
  • AlJahdali, H.; Albatli, A.; Garraghan, P.; Townend, P.; Lau, L.; Jie Xu, "Multi-tenancy in Cloud Computing," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp. 344, 351, 7-11 April 2014. doi: 10.1109/SOSE.2014.50 As Cloud Computing becomes the trend of information technology computational model, the Cloud security is becoming a major issue in adopting the Cloud where security is considered one of the most critical concerns for the large customers of Cloud (i.e. governments and enterprises). Such valid concern is mainly driven by the Multi-Tenancy situation which refers to resource sharing in Cloud Computing and its associated risks where confidentiality and/or integrity could be violated. As a result, security concerns may harness the advancement of Cloud Computing in the market. So, in order to propose effective security solutions and strategies a good knowledge of the current Cloud implementations and practices, especially the public Clouds, must be understood by professionals. Such understanding is needed in order to recognize attack vectors and attack surfaces. In this paper we will propose an attack model based on a threat model designed to take advantage of Multi-Tenancy situation only. Before that, a clear understanding of Multi-Tenancy, its origin and its benefits will be demonstrated. Also, a novel way on how to approach Multi-Tenancy will be illustrated. Finally, we will try to sense any suspicious behavior that may indicate to a possible attack where we will try to recognize the proposed attack model empirically from Google trace logs. Google trace logs are a 29-day worth of data released by Google. The data set was utilized in reliability and power consumption studies, but has not been utilized in any security study to the extent of our knowledge.
    Keywords: cloud computing; resource allocation; security of data; Google trace logs; attack model; attack surfaces; attack vectors; cloud computing; cloud security; information technology computational model; multitenancy situation; public clouds; resource sharing; suspicious behavior; threat model; Cloud computing; Computational modeling; Databases; Resource management; Security; Servers; Virtualization; Attack Models; Cloud Computing; Cloud Data; Multi-Tenancy; Security (ID#:14-3313)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830928&isnumber=6825948
  • Wei Xiong; Wei-Tek Tsai, "HLA-Based SaaS-Oriented Simulation Frameworks," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.376, 383, 7-11 April 2014. doi: 10.1109/SOSE.2014.74 SaaS (Software-as-a-Service) as a part of cloud computing is a new approach for software construction, evolution, and delivery. This paper proposes HLA-based SaaS-oriented simulation frameworks where simulation services will be organized into a SaaS framework running in a cloud environment. This SaaS-oriented framework can be applied to multiple application domains but illustrated by using HLA (High-Level Architecture). The framework will allow integration of a variety of modules, service-oriented design, flexible customization, multi-granularity simulation, high-performance computing, and system security. It has the potential to reduce system development time, and allows simulation to be run in a cloud environment taking advantages of resources offered by the cloud.
    Keywords: cloud computing; digital simulation; security of data; service-oriented architecture; HLA-based SaaS-oriented simulation; cloud computing; cloud environment; flexible customization; high-level architecture; high-performance computing; multigranularity simulation; service-oriented design; simulation service software as a service; software construction; software delivery; software evolution; system development time reduction; system security; Adaptation models; Computational modeling; Computer architecture; Data models; Databases; Object oriented modeling; Software as a service; HLA; SaaS (Software-as-a-Service); service-oriented design; simulation frameworks (ID#:14-3314)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830933&isnumber=6825948
  • Dornhackl, H.; Kadletz, K.; Luh, R.; Tavolato, P., "Malicious Behavior Patterns," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.384, 389, 7-11 April 2014. doi: 10.1109/SOSE.2014.52 This paper details a schema developed for defining malicious behavior in software. The presented approach enables malware analysts to identify and categorize malicious software through its high-level goals as well as down to the individual functions executed on operating system level. We demonstrate the practical application of the schema by mapping dynamically extracted system call patterns to a comprehensive hierarchy of malicious behavior.
    Keywords: invasive software; object-oriented methods; malicious behavior patterns; malware analyst; operating system level; Availability; Grammar; Malware; Payloads; Reconnaissance; Software; Vectors; behavior pattern; formal grammar; malware (ID#:14-3315)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830934&isnumber=6825948
  • Atkinson, J.S.; Mitchell, J.E.; Rio, M.; Matich, G., "Your WiFi Is Leaking: Building a Low-Cost Device to Infer User Activities," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.396,397, 7-11 April 2014. doi: 10.1109/SOSE.2014.54 This paper documents a hardware and software implementation to monitor, capture and store encrypted WiFi communication data. The implementation detailed can perform this entirely passively using only cheap commodity hardware and freely available software. It is hoped that this will be of use to other researchers and practitioners wishing to explore activity inference without breaking encryption, or supplement the (somewhat scarce) existing body of data available from this particular external perspective.
    Keywords: cryptography; wireless LAN; WiFi; communication data; encryption; Encryption; Hardware; IEEE 802.11 Standards; Privacy; Software; Wireless communication; activity inference; cyber security; encryption; implementation; wifi (ID#:14-3316)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830936&isnumber=6825948
  • Alzahrani, A.A.H.; Eden, A.H.; Yafi, M.Z., "Structural Analysis of the Check Point Pattern," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.404, 408, 7-11 April 2014. doi: 10.1109/SOSE.2014.56 We investigate intuitive claims made in security pattern catalogues using the formal language of Codecharts and the Two-Tier Programming Toolkit. We analyse the Check Point pattern's structure and explore claims about conformance (of programs to the pattern), about consistency (between different catalogues), and about the relation between (security and design) patterns. Our analysis shows that some of the intuitive claims hold whereas others were found inaccurate or false.
    Keywords: checkpointing; formal languages; security of data; check point pattern; codecharts; formal language; intuitive claims; security pattern catalogues; structural analysis; two-tier programming toolkit; Educational institutions; Java; Object oriented modeling; Security; Software; Unified modeling language; Codecharts; Security patterns; design pattern; design verification; formal languages (ID#:14-3317)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830938&isnumber=6825948
  • Kulkarni, A.; Metta, R., "A New Code Obfuscation Scheme for Software Protection," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.409, 414, 7-11 April 2014. doi: 10.1109/SOSE.2014.57 IT industry loses tens of billions of dollars annually from security attacks such as tampering and malicious reverse engineering. Code obfuscation techniques counter such attacks by transforming code into patterns that resist the attacks. None of the current code obfuscation techniques satisfy all the obfuscation effectiveness criteria such as resistance to reverse engineering attacks and state space increase. To address this, we introduce new code patterns that we call nontrivial code clones and propose a new obfuscation scheme that combines nontrivial clones with existing obfuscation techniques to satisfy all the effectiveness criteria. The nontrivial code clones need to be constructed manually, thus adding to the development cost. This cost can be limited by cloning only the code fragments that need protection and by reusing the clones across projects. This makes it worthwhile considering the security risks. In this paper, we present our scheme and illustrate it with a toy example.
    Keywords: computer crime; reverse engineering; software engineering; systems re-engineering; IT industry; code fragment cloning; code obfuscation scheme; code patterns; code transformation; malicious reverse engineering; nontrivial code clones; security attacks; software protection; tampering; Cloning; Complexity theory; Data processing; Licenses; Resistance; Resists; Software (ID#:14-3318)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830939&isnumber=6825948
  • Smith, P.; Schaeffer-Filho, A., "Management Patterns for Smart Grid Resilience," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.415,416, 7-11 April 2014. doi: 10.1109/SOSE.2014.58 Smart grids are power distribution networks characterised by an increased level of automation of the infrastructure, sensors and actuators connected to monitoring and control centres, and are strongly supported by information and communication technology (ICT). Consequently, smart grids are more vulnerable to cyber-attacks. In this position paper, we advocate the need for management patterns that capture best-practices for ensuring the resilience of smart grids to cyber-attacks and other related challenges. Management patterns are akin to software design patterns in the sense that patterns promote the use of well-established solutions to recurring problems. These patterns describe how to orchestrate the cyber-physical behaviour of ICT, industrial control systems and human resources in a safe manner, in response to cyber-attacks.
    Keywords: actuators; distribution networks; power engineering computing; power system management; security of data; sensors; smart power grids; ICT; actuators; control centres; cyber-attacks; cyber-physical behaviour; human resources; industrial control systems; information and communication technology; management patterns; power distribution networks; sensors; smart grid resilience; software design patterns; Automation; Guidelines; Resilience; Security; Smart grids; Standards (ID#:14-3319)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830940&isnumber=6825948
  • Blyth, A., "Understanding Security Patterns for Socio-technical Systems via Responsibility Modelling," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.417, 421, 7-11 April 2014. doi: 10.1109/SOSE.2014.59 Increasingly, security requirements are being viewed as a social construct derived from the culture and society within which the requirement is said to exist. A socio-technical system can be modelled as a series of inter-related, and interacting patterns of behaviour. Within a socio-technical system, security requirements can be derived from the analysis and interaction of the pattern. To capture and understand these requirements/patterns we need to make use of a formal reasoning system that supports a rigorous deductive process. In this paper we will develop a formal model of a socio-technical systems pattern using a Kripke Semantic model. Then, via the application of Kripke Semantics to the modelling of responsibilities and how they are created/fulfilled within a socio-context, we will derive a set of security requirements/patterns.
    Keywords: human computer interaction; programming language semantics; security of data; social aspects of automation; Kripke semantic model; deductive process; formal reasoning system; responsibility modelling; security patterns; security requirements; socio-technical system; Analytical models; Computational modeling; Context; Security; Semantics; Sociotechnical systems; Accountability; Liability and Culpability; Modal Action Logic (MAL); Responsibility Modelling; SocioTechnical System (STS) (ID#:14-3320)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830941&isnumber=6825948
  • Aziz, B.; Blackwell, C., "Using Security Patterns for Modelling Security Capabilities in Grid Systems," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.422,427, 7-11 April 2014. doi: 10.1109/SOSE.2014.60 We extend previous work on formalising design patterns to start the development of security patterns for Grid systems. We demonstrate the feasibility of our approach with a case study involving a deployed security architecture in a Grid Operating System called XtreemOS. A number of Grid security management capabilities that aid the secure setting-up and running of a Grid are presented. We outline the functionality needed for such cases in a general form, which could be utilised when considering the development of similar large-scale systems in the future. We also specifically describe the use of authentication patterns that model the extension of trust from a secure core, and indicate how these patterns can be composed, specialised and instantiated.
    Keywords: grid computing; operating systems (computers); security of data; XtreemOS; authentication patterns; design patterns formalization; grid operating system; grid security management capabilities; grid systems; security capabilities modeling; security patterns; trust extension; Authentication; Databases; Monitoring; Operating systems; Public key; Receivers; Grid operating systems; Security patterns; authentication patterns; security architectures (ID#:14-3321)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830942&isnumber=6825948
  • Duncan, I.; De Muijnck-Hughes, J., "Security Pattern Evaluation," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.428, 429, 7-11 April 2014. doi: 10.1109/SOSE.2014.61 Current Security Pattern evaluation techniques are demonstrated to be incomplete with respect to quantitative measurement and comparison. A proposal for a dynamic testbed system is presented as a potential mechanism for evaluating patterns within a constrained environment.
    Keywords: pattern classification; security of data; dynamic testbed system; security pattern evaluation; Complexity theory; Educational institutions; Measurement; Security; Software; Software reliability; Testing; evaluation; metrics; security patterns; testing (ID#:14-3322)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830943&isnumber=6825948
  • Madhusudhan, R.; Kumar, S.R., "Cryptanalysis of a Remote User Authentication Protocol Using Smart Cards," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.474,477, 7-11 April 2014. doi: 10.1109/SOSE.2014.84 Remote user authentication using smart cards is a method of verifying the legitimacy of remote users accessing the server through insecure channel, by using smart cards to increase the efficiency of the system. During last couple of years many protocols to authenticate remote users using smart cards have been proposed. But unfortunately, most of them are proved to be unsecure against various attacks. Recently this year, Yung-Cheng Lee improved Shin et al.'s protocol and claimed that their protocol is more secure. In this article, we have shown that Yung-Cheng-Lee's protocol too has defects. It does not provide user anonymity; it is vulnerable to Denial-of-Service attack, Session key reveal, user impersonation attack, Server impersonation attack and insider attacks. Further it is not efficient in password change phase since it requires communication with server and uses verification table.
    Keywords: computer network security; cryptographic protocols; message authentication; smart cards; Yung-Cheng-Lee's protocol; cryptanalysis; denial-of-service attack; insecure channel; insider attacks; legitimacy verification; password change phase; remote user authentication protocol; server impersonation attack; session key; smart cards; user impersonation attack; verification table; Authentication; Bismuth; Cryptography; Protocols; Servers; Smart cards; authentication; smart card; cryptanalysis; dynamic id (ID#:14-3323)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830951&isnumber=6825948
  • Alarifi, S.; Wolthusen, S.D., "Mitigation of Cloud-Internal Denial of Service Attacks," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.478,483, 7-11 April 2014. doi: 10.1109/SOSE.2014.71 Cloud computing security is one of the main concerns preventing the adoption of the cloud by many organisations. This paper introduces mitigation strategies to defend the cloud specific CIDoS class of attacks (Cloud-Internal Denial of Service), presented in [1]. The mitigation approaches are based on techniques used in signals processing field. The main strategy to detect the attack is the calculation of correlations measurement and distances between attackers' workload patterns; we use DCT (Discrete Cosine Transform) to accomplish this task. This paper also suggests some prevention and response strategies.
    Keywords: cloud computing; computer network security; discrete cosine transforms; CIDoS class; DCT; attack detection; cloud computing security; cloud-internal denial of service attack mitigation; correlations measurement; discrete cosine transform; mitigation strategies; prevention strategy; response strategy; signals processing field; Computer crime; Correlation; Delays; Discrete cosine transforms; Educational institutions; Monitoring; Testing; CIDoS attack detection; Cloud Attack Mitigation; Cloud Computing Security; Cloud DoS attacks; IaaS Cloud Security (ID#:14-3324)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830952&isnumber=6825948
  • Mapp, G.; Aiash, M.; Ondiege, B.; Clarke, M., "Exploring a New Security Framework for Cloud Storage Using Capabilities," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.484,489, 7-11 April 2014. doi: 10.1109/SOSE.2014.69 We are seeing the deployment of new types of networks such as sensor networks for environmental and infrastructural monitoring, social networks such as facebook, and e-Health networks for patient monitoring. These networks are producing large amounts of data that need to be stored, processed and analysed. Cloud technology is being used to meet these challenges. However, a key issue is how to provide security for data stored in the Cloud. This paper addresses this issue in two ways. It first proposes a new security framework for Cloud security which deals with all the major system entities. Secondly, it introduces a Capability ID system based on modified IPv6 addressing which can be used to implement a security framework for Cloud storage. The paper then shows how these techniques are being used to build an e-Health system for patient monitoring.
    Keywords: cloud computing; electronic health records; patient monitoring; social networking (online); storage management; IPv6 addressing; capability ID system; cloud security; cloud storage; cloud technology; e-Health system; e-health networks; environmental monitoring; facebook; infrastructural monitoring; patient monitoring; security for data security framework; sensor networks; social networks; system entity; Cloud computing; Companies; Monitoring; Protocols; Security; Servers; Virtual machine monitors; Capability Systems; Cloud Storage; Security Framework; e-Health Monitoring (ID#:14-3325)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830953&isnumber=6825948
  • Euijin Choo; Younghee Park; Siyamwala, H., "Identifying Malicious Metering Data in Advanced Metering Infrastructure," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.490,495, 7-11 April 2014. doi: 10.1109/SOSE.2014.75 Advanced Metering Infrastructure (AMI) has evolved to measure and control energy usage in communicating through metering devices. However, the development of the AMI network brings with it security issues, including the increasingly serious risk of malware in the new emerging network. Malware is often embedded in the data payloads of legitimate metering data. It is difficult to detect malware in metering devices, which are resource-constrained embedded systems, during time-critical communications. This paper describes a method in order to distinguish malware-bearing traffic and legitimate metering data using a disassembler and statistical analysis. Based on the discovered unique characteristic of each data type, the proposed method detects malicious metering data (i.e. malware-bearing data). The analysis of data payloads is statistically performed while investigating a distribution of instructions in traffic by using a disassembler. Doing so demonstrates that the distribution of instructions in metering data is significantly different from that in malware-bearing data. The proposed approach successfully identifies the two different types of data with complete accuracy, with 0% false positives and 0% false negatives.
    Keywords: invasive software; metering; power system security; program assemblers; smart meters; statistical analysis; AMI network; advanced metering infrastructure; data payloads; disassembler; energy usage; malicious metering data; malware-bearing data; malware-bearing traffic; metering devices; resource constrained embedded systems; security issues; statistical analysis; time-critical communications; Malware; Registers; Statistical analysis; Testing; Training; ARM Instructions; Advanced Metering Infrastructure; Disassembler; Malware; Security; Smart Meters (ID#:14-3326)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830954&isnumber=6825948
  • Hongjun Dai; Qian Li; Meikang Qiu; Zhilou Yu; Zhiping Jia, "A Cloud Trust Authority Framework for Mobile Enterprise Information System," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.496,501, 7-11 April 2014. doi: 10.1109/SOSE.2014.68 With the trend of mobile enterprise information systems, security has become the primary issue as it relates to business secret, decision, and process control. Hence, we carry out a fully customized framework to emphasize on security from trust authority of the cloud certificate authority server, and to guarantee security with the process of the software developments. The core object model, named as secure mobile beans (SMB), can be deployed into the cloud server. Our framework consists of SMB models, object-relation mapping module, SMB translator, and development tools. The use cases show that it can free developers from the complex implementation of security policies during the development stages, shorten the time of mobile application's development effectively.
    Keywords: cloud computing; file servers; information systems; trusted computing; SMB translator; business secret; cloud certificate authority server; cloud trust authority framework; fully customized framework; mobile enterprise information system; object-relation mapping module; process control; secure mobile beans; security policies; software developments; Authentication; Data models; Databases; Java; Mobile communication; Servers; cloud trust authority; enterprise development framework; mobile enterprise information system; secure mobile beans (ID#:14-3327)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830955&isnumber=6825948


International Conferences: Dependable Systems and Networks (2014) - USA

Dependable Systems and Networks (2014)


As part of the series focused upon specific international conferences, the citations given here are from the 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), held in Atlanta, Georgia on 23-26 June 2014. All relate to security issue research.

  • Cuong Pham; Estrada, Z.; Phuong Cao; Kalbarczyk, Z.; Iyer, R.K., "Reliability and Security Monitoring of Virtual Machines Using Hardware Architectural Invariants," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.13, 24, 23-26 June 2014. doi: 10.1109/DSN.2014.19 This paper presents a solution that simultaneously addresses both reliability and security (RnS) in a monitoring framework. We identify the commonalities between reliability and security to guide the design of HyperTap, a hypervisor-level framework that efficiently supports both types of monitoring in virtualization environments. In HyperTap, the logging of system events and states is common across monitors and constitutes the core of the framework. The audit phase of each monitor is implemented and operated independently. In addition, HyperTap relies on hardware invariants to provide a strongly isolated root of trust. HyperTap uses active monitoring, which can be adapted to enforce a wide spectrum of RnS policies. We validate HyperTap by introducing three example monitors: Guest OS Hang Detection (GOSHD), Hidden RootKit Detection (HRKD), and Privilege Escalation Detection (PED). Our experiments with fault injection and real rootkits/exploits demonstrate that HyperTap provides robust monitoring with low performance overhead.
    Keywords: monitoring; reliability; security of data; virtual machines; GOSHD; Guest OS Hang Detection; HRKD; HyperTap; PED; active monitoring; fault injection; hardware architectural invariants; hidden rootkit detection; hypervisor-level framework; privilege escalation detection; reliability; robust monitoring; security monitoring framework; virtual machines; virtualization environments; Data structures; Hardware; Kernel; Monitoring; Reliability; Security; Virtual machine monitors; Fault Injection; Hypervisor; Invariant; Monitoring; Reliability; Rootkit; Security (ID#:14-3095)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903563&isnumber=6903544
  • Haq, O.; Ahmed, W.; Syed, A.A., "Titan: Enabling Low Overhead and Multi-faceted Network Fingerprinting of a Bot," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.37, 44, 23-26 June 2014. doi: 10.1109/DSN.2014.20 Botnets are an evolutionary form of malware, unique in requiring network connectivity for herding by a botmaster that allows coordinated attacks as well as dynamic evasion from detection. Thus, the most interesting features of a bot relate to its rapidly evolving network behavior. The few academic and commercial malware observation systems that exist, however, are either proprietary or have large cost and management overhead. Moreover, the network behavior of bots changes considerably under different operational contexts. We first identify these various contexts that can impact its fingerprint. We then present Titan: a system that generates faithful network fingerprints by recreating all these contexts and stressing the bot with different network settings and host interactions. This effort includes a semi-automated and tunable containment policy to prevent bot proliferation. Most importantly, Titan has low cost overhead as a minimal setup requires just two machines, while the provision of a user-friendly web interface reduces the setup and management overhead. We then show a fingerprint of the CryptoLocker bot to demonstrate automatic detection of its domain generation algorithm (DGA). We also demonstrate the effective identification of context specific behavior with a controlled deployment of Zeus botnet.
    Keywords: invasive software; Botnets; CryptoLocker bot; DGA; Titan system; Zeus botnet; bot detection; bot proliferation prevention; botmaster; containment policy; domain generation algorithm; malware; malware observation systems; network connectivity; network fingerprinting; Context; Fingerprint recognition; IP networks; Logic gates; Malware; Ports (Computers); Sensors; botnets; containment policy; malware fingerprint; software defined networking; testbed (ID#:14-3096)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903565&isnumber=6903544
  • Howard, G.M.; Gutierrez, C.N.; Arshad, F.A.; Bagchi, S.; Yuan Qi, "pSigene: Webcrawling to Generalize SQL Injection Signatures," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.45, 56, 23-26 June 2014. doi: 10.1109/DSN.2014.21 Intrusion detection systems (IDS) are an important component to effectively protect computer systems. Misuse detection is the most popular approach to detect intrusions, using a library of signatures to find attacks. The accuracy of the signatures is paramount for an effective IDS, still today's practitioners rely on manual techniques to improve and update those signatures. We present a system, called pSigene, for the automatic generation of intrusion signatures by mining the vast amount of public data available on attacks. It follows a four-step process to generate the signatures, by first crawling attack samples from multiple public cyber security web portals. Then, a feature set is created from existing detection signatures to model the samples, which are then grouped using a biclustering algorithm which also gives the distinctive features of each cluster. Finally the system automatically creates a set of signatures using regular expressions, one for each cluster. We tested our architecture for SQL injection attacks and found our signatures to have a True and False Positive Rates of 90.52% and 0.03%, respectively and compared our findings to other SQL injection signature sets from popular IDS and web application firewalls. Results show our system to be very competitive to existing signature sets.
    Keywords: SQL; authorisation; data mining; digital signatures; portals; IDS; SQL injection attack; SQL injection signature; Webcrawling; biclustering algorithm; crawling attack; data mining; intrusion detection system; misuse detection; pSigene; public cyber security Web portal; Clustering algorithms; Computer security; Databases; Feature extraction; Manuals; Portals; SQL injection; biclustering; signature generalization; web application security (ID#:14-3097)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903566&isnumber=6903544
  • Haitao Du; Yang, S.J., "Probabilistic Inference for Obfuscated Network Attack Sequences," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.57, 67, 23-26 June 2014. doi: 10.1109/DSN.2014.22 Facing diverse network attack strategies and overwhelming alerts, much work has been devoted to correlate observed malicious events to pre-defined scenarios, attempting to deduce the attack plans based on expert models of how network attacks may transpire. Sophisticated attackers can, however, employ a number of obfuscation techniques to confuse the alert correlation engine or classifier. Recognizing the need for a systematic analysis of the impact of attack obfuscation, this paper models attack strategies as general finite order Markov models, and treats obfuscated observations as noises. Taking into account that only finite observation window and limited computational time can be afforded, this work develops an algorithm to efficiently inference on the joint distribution of clean and obfuscated attack sequences. The inference algorithm recovers the optimal match of obfuscated sequences to attack models, and enables a systematic and quantitative analysis on the impact of obfuscation on attack classification.
    Keywords: Markov processes; computer network security; invasive software; Markov models; attack obfuscation; diverse network attack strategies; finite observation window; limited computational time; obfuscated attack sequences; obfuscated network attack sequences; observed malicious events; probabilistic inference; sophisticated attackers; systematic analysis; Computational modeling; Dynamic programming; Hidden Markov models; Inference algorithms; Markov processes; Probabilistic logic; Vectors (ID#:14-3098)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903567&isnumber=6903544
  • Anceaume, E.; Busnel, Y.; Le Merrer, E.; Ludinard, R.; Marchand, J.L.; Sericola, B., "Anomaly Characterization in Large Scale Networks," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.68, 79, 23-26 June 2014. doi: 10.1109/DSN.2014.23 The context of this work is the online characterization of errors in large scale systems. In particular, we address the following question: Given two successive configurations of the system, can we distinguish massive errors from isolated ones, the former ones impacting a large number of nodes while the second ones affect solely a small number of them, or even a single one? The rationale of this question is twofold. First, from a theoretical point of view, we characterize errors with respect to their neighbourhood, and we show that there are error scenarios for which isolated and massive errors are indistinguishable from an omniscient observer point of view. We then relax the definition of this problem by introducing unresolved configurations, and exhibit necessary and sufficient conditions that allow any node to determine the type of errors it has been impacted by. These conditions only depend on the close neighbourhood of each node and thus are locally computable. We present algorithms that implement these conditions, and show through extensive simulations, their performances. Now from a practical point of view, distinguishing isolated errors from massive ones is of utmost importance for networks providers. For instance, for Internet service providers that operate millions of home gateways, it would be very interesting to have procedures that allow gateways to self distinguish whether their dysfunction is caused by network-level errors or by their own hardware or software, and to notify the service provider only in the latter case.
    Keywords: computerised monitoring; digital simulation; distributed processing; security of data; anomaly characterization; error online characterization; extensive simulations; isolated errors; large scale distributed systems; large scale networks; large scale systems; massive errors; online monitoring problem; Bismuth; Measurement; Monitoring; Observers; Peer-to-peer computing; Quality of service; Trajectory; Error detection; large scale systems; local algorithms (ID#:14-3099)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903568&isnumber=6903544
  • Daiping Liu; Haining Wang; Stavrou, A., "Detecting Malicious Javascript in PDF through Document Instrumentation," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.100, 111, 23-26 June 2014. doi: 10.1109/DSN.2014.92 An emerging threat vector, embedded malware inside popular document formats, has become rampant since 2008. Owed to its wide-spread use and Javascript support, PDF has been the primary vehicle for delivering embedded exploits. Unfortunately, existing defenses are limited in effectiveness, vulnerable to evasion, or computationally expensive to be employed as an on-line protection system. In this paper, we propose a context-aware approach for detection and confinement of malicious Javascript in PDF. Our approach statically extracts a set of static features and inserts context monitoring code into a document. When an instrumented document is opened, the context monitoring code inside will cooperate with our runtime monitor to detect potential infection attempts in the context of Javascript execution. Thus, our detector can identify malicious documents by using both static and runtime features. To validate the effectiveness of our approach in a real world setting, we first conduct a security analysis, showing that our system is able to remain effective in detection and be robust against evasion attempts even in the presence of sophisticated adversaries. We implement a prototype of the proposed system, and perform extensive experiments using 18623 benign PDF samples and 7370 malicious samples. Our evaluation results demonstrate that our approach can accurately detect and confine malicious Javascript in PDF with minor performance overhead.
    Keywords: Java; document handling; feature extraction; invasive software; ubiquitous computing; Javascript execution; Javascript support; PDF; context monitoring code; context-aware approach; document format; document instrumentation; embedded malware; emerging threat vector; evasion attempt; malicious Javascript confinement; malicious Javascript detection; malicious document identification; online protection system; potential infection attempt detection; runtime feature; runtime monitoring; security analysis; sophisticated adversaries; static feature extraction; Context; Feature extraction; Instruments; Malware; Monitoring; Portable document format; Runtime; Malcode bearing PDF; document instrumentation; malicious Javascript; malware detection and confinement (ID#:14-3100)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903571&isnumber=6903544
  • Bin Liang; Wei You; Liangkun Liu; Wenchang Shi; Heiderich, M., "Scriptless Timing Attacks on Web Browser Privacy," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.112,123, 23-26 June 2014 doi: 10.1109/DSN.2014.93 The existing Web timing attack methods are heavily dependent on executing client-side scripts to measure the time. However, many techniques have been proposed to block the executions of suspicious scripts recently. This paper presents a novel timing attack method to sniff users' browsing histories without executing any scripts. Our method is based on the fact that when a resource is loaded from the local cache, its rendering process should begin earlier than when it is loaded from a remote website. We leverage some Cascading Style Sheets (CSS) features to indirectly monitor the rendering of the target resource. Three practical attack vectors are developed for different attack scenarios and applied to six popular desktop and mobile browsers. The evaluation shows that our method can effectively sniff users' browsing histories with very high precision. We believe that modern browsers protected by script-blocking techniques are still likely to suffer serious privacy leakage threats.
    Keywords: data privacy; online front-ends; CSS features; Web browser privacy; Web timing attack methods; cascading style sheets; client-side scripts; desktop browser; mobile browser; privacy leakage threats; rendering process; script-blocking techniques; scriptless timing attacks; user browsing history; Animation; Browsers; Cascading style sheets; History; Rendering (computer graphics); Timing; Web privacy; browsing history; scriptless attack; timing attack (ID#:14-3101)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903572&isnumber=6903544
  • Shaw, A.; Doggett, D.; Hafiz, M., "Automatically Fixing C Buffer Overflows Using Program Transformations," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.124, 135, 23-26 June 2014. doi: 10.1109/DSN.2014.25 Fixing C buffer overflows at source code level remains a manual activity, at best semi-automated. We present an automated approach to fix buffer overflows by describing two program transformations that automatically introduce two well-known security solutions to C source code. The transformations embrace the difficulties of correctly analyzing and modifying C source code considering pointers and aliasing. They are effective: they fixed all buffer overflows featured in 4,505 programs of NIST's SAMATE reference dataset, making the changes automatically on over 2.3 million lines of code (MLOC). They are also safe: we applied them to make hundreds of changes on four open source programs (1.7 MLOC) without breaking the programs. Automated transformations such as these can be used by developers during coding, and by maintainers to fix problems in legacy code. They can be applied on a case by case basis, or as a batch to fix the root causes behind buffer overflows, thereby improving the dependability of systems.
    Keywords: C language; public domain software; security of data; source code (software); source coding; C source code; MLOC; NIST SAMATE reference dataset; automatic C buffer overflow fixing; legacy code; million lines of code; open source programs; program transformations; security solutions; source coding; Algorithm design and analysis; Arrays; ISO standards; Libraries; Manuals; Security; buffer; dependability; overflow; security (ID#:14-3102)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903573&isnumber=6903544
  • Lerner, L.W.; Franklin, Z.R.; Baumann, W.T.; Patterson, C.D., "Application-Level Autonomic Hardware to Predict and Preempt Software Attacks on Industrial Control Systems," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.136, 147, 23-26 June 2014 doi: 10.1109/DSN.2014.26 We mitigate malicious software threats to industrial control systems, not by bolstering perimeter security, but rather by using application-specific configurable hardware to monitor and possibly override software operations in real time at the lowest (I/O pin) level of a system-on-chip platform containing a micro controller augmented with configurable logic. The process specifications, stability-preserving backup controller, and switchover logic are specified and formally verified as C code commonly used in control systems, but synthesized into hardware to resist software reconfiguration attacks. In addition, a copy of the production controller task is optionally implemented in an on-chip, isolated soft processor, connected to a model of the physical process, and accelerated to preview what the controller will attempt to do in the near future. This prediction provides greater assurance that the backup controller can be invoked before the physical process becomes unstable. Adding trusted, application-tailored, software-invisible, autonomic hardware is well-supported in a commercial system-on-chip platform.
    Keywords: industrial control; security of data; software engineering; system-on-chip; trusted computing; application-level autonomic hardware; application-tailored hardware; industrial control systems; malicious software threats; perimeter security; software attacks; software reconfiguration attacks; software-invisible hardware; system-on-chip platform; trusted hardware; Hardware; Kernel; Monitoring; Process control; Production; Security; formal analysis; hardware root-of-trust; industrial control system security; software threats (ID#:14-3103)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903574&isnumber=6903544
  • Rahman, M.A.; Al-Shaer, E.; Kavasseri, R.G., "Security Threat Analytics and Countermeasure Synthesis for Power System State Estimation," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.156, 167, 23-26 June 2014. doi: 10.1109/DSN.2014.29 State estimation plays a critically important role in ensuring the secure and reliable operation of the power grid. However, recent works have shown that the widely used weighted least squares (WLS) estimator, which uses several system wide measurements, is vulnerable to cyber attacks wherein an adversary can alter certain measurements to corrupt the estimator's solution, but evade the estimator's existing bad data detection algorithms and thus remain invisible to the system operator. Realistically, such a stealthy attack in its most general form has several constraints, particularly in terms of an adversary's knowledge and resources for achieving a desired attack outcome. In this light, we present a formal framework to systematically investigate the feasibility of stealthy attacks considering constraints of the adversary. In addition, unlike prior works, our approach allows the modeling of attacks on topology mappings, where an adversary can drastically strengthen stealthy attacks by intentionally introducing topology errors. Moreover, we show that this framework allows an operator to synthesize cost-effective countermeasures based on given resource constraints and security requirements in order to resist stealthy attacks. The proposed approach is illustrated on standard IEEE test cases.
    Keywords: energy management systems; least squares approximations; power grids; power system state estimation; security of data; topology; IEEE test cases; WLS estimator; countermeasure synthesis; data detection algorithms; power grid; power system state estimation; security threat analytics; stealthy cyber attacks; topology errors; topology mappings; weighted least square estimator; Equations; Mathematical model; Power measurement; Security; State estimation; Topology; Transmission line measurements; False Data Injection Attack; Formal Method; Power Grid; State Estimation (ID#:14-3104)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903576&isnumber=6903544
  • Mustafa, H.; Wenyuan Xu; Sadeghi, A.R.; Schulz, S., "You Can Call but You Can't Hide: Detecting Caller ID Spoofing Attacks," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.168,179, 23-26 June 2014. doi: 10.1109/DSN.2014.102 Caller ID (caller identification) is a service provided by telephone carriers to transmit the phone number and/or the name of a caller to a callee. Today, most people trust the caller ID information, and it is increasingly used to authenticate customers (e.g., by banks or credit card companies). However, with the proliferation of smartphones and VoIP, it is easy to spoof caller ID by installing corresponding Apps on smartphones or by using fake ID providers. As telephone networks are fragmented between enterprises and countries, no mechanism is available today to easily detect such spoofing attacks. This vulnerability has already been exploited with crucial consequences such as faking caller IDs to emergency services (e.g., 9-1-1) or to commit fraud. In this paper, we propose an end-to-end caller ID verification mechanism CallerDec that works with existing combinations of landlines, cellular and VoIP networks. CallerDec can be deployed at the liberty of users, without any modification to the existing infrastructures. We implemented our scheme as an App for Android-based phones and validated the effectiveness of our solution in detecting spoofing attacks in various scenarios.
    Keywords: Android (operating system); Internet telephony; authorisation; mobile radio; smart phones; Android-based phones; CallerDec; VoIP networks; caller ID information; caller ID spoofing attacks; caller identification; cellular networks; customer authentication; emergency services; end-to-end caller ID verification mechanism; fake ID providers; landlines; smartphones; telephone networks; Authentication; Credit cards; Emergency services; Protocols; Smart phones; Timing; Caller ID Spoofing; End-user Security (ID#:14-3105)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903577&isnumber=6903544
  • Chenxiong Qian; Xiapu Luo; Yuru Shao; Chan, A.T.S., "On Tracking Information Flows through JNI in Android Applications," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp. 180, 191, 23-26 June 2014. doi: 10.1109/DSN.2014.30 Android provides native development kit through JNI for developing high-performance applications (or simply apps). Although recent years have witnessed a considerable increase in the number of apps employing native libraries, only a few systems can examine them. However, none of them scrutinizes the interactions through JNI in them. In this paper, we conduct a systematic study on tracking information flows through JNI in apps. More precisely, we first perform a large-scale examination on apps using JNI and report interesting observations. Then, we identify scenarios where information flows uncaught by existing systems can result in information leakage. Based on these insights, we propose and implement NDroid, an efficient dynamic taint analysis system for checking information flows through JNI. The evaluation through real apps shows NDroid can effectively identify information leaks through JNI with low performance overheads.
    Keywords: Android (operating system); Java; Android applications; JNI; Java Native Interface; NDroid systems; high-performance applications; information flow tracking; Androids; Context; Engines; Games; Humanoid robots; Java; Libraries (ID#:14-3106)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903578&isnumber=6903544
  • Kharraz, A.; Kirda, E.; Robertson, W.; Balzarotti, D.; Francillon, A., "Optical Delusions: A Study of Malicious QR Codes in the Wild," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.192,203, 23-26 June 2014. doi: 10.1109/DSN.2014.103 QR codes, a form of 2D barcode, allow easy interaction between mobile devices and websites or printed material by removing the burden of manually typing a URL or contact information. QR codes are increasingly popular and are likely to be adopted by malware authors and cyber-criminals as well. In fact, while a link can "look" suspicious, malicious and benign QR codes cannot be distinguished by simply looking at them. However, despite public discussions about increasing use of QR codes for malicious purposes, the prevalence of malicious QR codes and the kinds of threats they pose are still unclear. In this paper, we examine attacks on the Internet that rely on QR codes. Using a crawler, we performed a large-scale experiment by analyzing QR codes across 14 million unique web pages over a ten-month period. Our results show that QR code technology is already used by attackers, for example to distribute malware or to lead users to phishing sites. However, the relatively few malicious QR codes we found in our experiments suggest that, on a global scale, the frequency of these attacks is not alarmingly high and users are rarely exposed to the threats distributed via QR codes while surfing the web.
    Keywords: Internet; Web sites; computer crime; invasive software; telecommunication security; 2D barcode; Internet; URL; Web crawler; Web sites; contact information; malicious QR code; mobile device; optical delusion; phishing sites; Crawlers; Malware; Mobile communication; Servers; Smart phones; Web pages; Mobile devices; malicious QR codes; malware; phishing (ID#:14-3107)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903579&isnumber=6903544
  • Quan Jia; Huangxin Wang; Fleck, D.; Fei Li; Stavrou, A.; Powell, W., "Catch Me If You Can: A Cloud-Enabled DDoS Defense," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.264,275, 23-26 June 2014. doi: 10.1109/DSN.2014.35 We introduce a cloud-enabled defense mechanism for Internet services against network and computational Distributed Denial-of-Service (DDoS) attacks. Our approach performs selective server replication and intelligent client re-assignment, turning victim servers into moving targets for attack isolation. We introduce a novel system architecture that leverages a "shuffling" mechanism to compute the optimal re-assignment strategy for clients on attacked servers, effectively separating benign clients from even sophisticated adversaries that persistently follow the moving targets. We introduce a family of algorithms to optimize the runtime client-to-server re-assignment plans and minimize the number of shuffles to achieve attack mitigation. The proposed shuffling-based moving target mechanism enables effective attack containment using fewer resources than attack dilution strategies using pure server expansion. Our simulations and proof-of-concept prototype using Amazon EC2 [1] demonstrate that we can successfully mitigate large-scale DDoS attacks in a small number of shuffles, each of which incurs a few seconds of user-perceived latency.
    Keywords: client-server systems; cloud computing; computer network security; Amazon EC2; Internet services; attack dilution strategies; attack mitigation; client-to-server reassignment plans; cloud computing; cloud-enabled DDoS defense; computational distributed denial-of-service attacks; intelligent client reassignment; large-scale DDoS attacks; moving target mechanism; moving targets; network attacks; optimal reassignment strategy; shuffling mechanism; system architecture; turning victim servers; Cloud computing; Computer architecture; Computer crime; IP networks; Servers; Web and internet services; Cloud; DDoS; Moving Target Defense; Shuffling (ID#:14-3108)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903585&isnumber=6903544
  • Wei Zhang; Sheng Xiao; Yaping Lin; Ting Zhou; Siwang Zhou, "Secure Ranked Multi-keyword Search for Multiple Data Owners in Cloud Computing," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.276,286, 23-26 June 2014. doi: 10.1109/DSN.2014.36 With the advent of cloud computing, it becomes increasingly popular for data owners to outsource their data to public cloud servers while allowing data users to retrieve these data. For privacy concerns, secure searches over encrypted cloud data motivated several researches under the single owner model. However, most cloud servers in practice do not just serve one owner, instead, they support multiple owners to share the benefits brought by cloud servers. In this paper, we propose schemes to deal with secure ranked multi-keyword search in a multi-owner model. To enable cloud servers to perform secure search without knowing the actual data of both keywords and trapdoors, we systematically construct a novel secure search protocol. To rank the search results and preserve the privacy of relevance scores between keywords and files, we propose a novel Additive Order and Privacy Preserving Function family. Extensive experiments on real-world datasets confirm the efficacy and efficiency of our proposed schemes.
    Keywords: cloud computing; data privacy; information retrieval; additive order function; cloud computing; data outsourcing; data owners; keywords; multi-owner model; privacy concerns; privacy preserving function; public cloud servers; ranked multi-keyword search security; relevance scores; secure search protocol; single owner model; trapdoors; Cloud computing; Data privacy; Encryption; Keyword search; Privacy; Servers; cloud computing; multiple data owners; privacy and additive order preserving; secure ranked keyword search (ID#:14-3109)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903586&isnumber=6903544
  • Xiaojing Liao; Uluagac, S.; Beyah, R.A., "S-MATCH: Verifiable Privacy-Preserving Profile Matching for Mobile Social Services," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.287, 298, 23-26 June 2014. doi: 10.1109/DSN.2014.37 Mobile social services utilize profile matching to help users find friends with similar social attributes (e.g., interests, location, background). However, privacy concerns often hinder users from enabling this functionality. In this paper, we introduce S-MATCH, a novel framework for privacy-preserving profile matching based on property-preserving encryption (PPE). First, we illustrate that PPE should not be considered secure when directly used on social attribute data due to its key-sharing problem and information leakage problem. Then, we address the aforementioned problems of applying PPE to social network data and develop an efficient and verifiable privacy-preserving profile matching scheme. We implement both the client and server portions of S-MATCH and evaluate its performance under three real-world social network datasets. The results show that S-MATCH can achieve at least one order of magnitude better computational performance than the techniques that use homomorphic encryption.
    Keywords: cryptography; data privacy; mobile computing; social networking (online); PPE; S-MATCH; homomorphic encryption; information leakage problem; key-sharing problem; mobile social services; privacy concerns; profile matching; property-preserving encryption; social attributes; social network data; verifiable privacy-preserving profile matching; Encryption; Entropy; Mobile communication; Servers; Social network services; privacy; profile matching; property-preserving encryption; symmetric encryption (ID#:14-3110)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903587&isnumber=6903544
  • Jiesheng Wei; Thomas, A.; Guanpeng Li; Pattabiraman, K., "Quantifying the Accuracy of High-Level Fault Injection Techniques for Hardware Faults," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.375,382, 23-26 June 2014. doi: 10.1109/DSN.2014.2 Hardware errors are on the rise with reducing feature sizes, however tolerating them in hardware is expensive. Researchers have explored software-based techniques for building error resilient applications. Many of these techniques leverage application-specific resilience characteristics to keep overheads low. Understanding application-specific resilience characteristics requires software fault-injection mechanisms that are both accurate and capable of operating at a high-level of abstraction to allow developers to reason about error resilience. In this paper, we quantify the accuracy of high-level software fault injection mechanisms vis-a-vis those that operate at the assembly or machine code levels. To represent high-level injection mechanisms, we built a fault injector tool based on the LLVM compiler, called LLFI. LLFI performs fault injection at the LLVM intermediate code level of the application, which is close to the source code. We quantitatively evaluate the accuracy of LLFI with respect to assembly level fault injection, and understand the reasons for the differences.
    Keywords: program compilers; program testing; software fault tolerance; system recovery; LLFI; LLVM compiler; error resilience; fault injector tool; hardware faults; software fault-injection mechanisms; software testing; Accuracy; Assembly; Benchmark testing; Computer crashes; Hardware; Registers; Software; Fault injection; LLVM; PIN; comparison (ID#:14-3111)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903595&isnumber=6903544
  • Hong, J.B.; Dong Seong Kim, "Scalable Security Models for Assessing Effectiveness of Moving Target Defenses," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.515,526, 23-26 June 2014. doi: 10.1109/DSN.2014.54 Moving Target Defense (MTD) changes the attack surface of a system that confuses intruders to thwart attacks. Various MTD techniques are developed to enhance the security of a networked system, but the effectiveness of these techniques is not well assessed. Security models (e.g., Attack Graphs (AGs)) provide formal methods of assessing security, but modeling the MTD techniques in security models has not been studied. In this paper, we incorporate the MTD techniques in security modeling and analysis using a scalable security model, namely Hierarchical Attack Representation Models (HARMs), to assess the effectiveness of the MTD techniques. In addition, we use importance measures (IMs) for scalable security analysis and deploying the MTD techniques in an effective manner. The performance comparison between the HARM and the AG is given. Also, we compare the performance of using the IMs and the exhaustive search method in simulations.
    Keywords: graph theory; security of data; HARMs; IMs; MTD; attack graphs; effectiveness assessment; exhaustive search method; hierarchical attack representation models; importance measures; moving target defenses; networked system security; scalable security models; security assessment; Analytical models; Computational modeling; Diversity methods; Internet; Linux; Measurement; Security; Attack Representation Model; Importance Measures; Moving Target Defense; Security Analysis; Security Modeling Techniques (ID#:14-3112)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903607&isnumber=6903544
  • Mason, S.; Gashi, I.; Lugini, L.; Marasco, E.; Cukic, B., "Interoperability between Fingerprint Biometric Systems: An Empirical Study," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.586,597, 23-26 June 2014. doi: 10.1109/DSN.2014.60 Fingerprints are likely the most widely used biometric in commercial as well as law enforcement applications. With the expected rapid growth of fingerprint authentication in mobile devices their importance justifies increased demands for dependability. An increasing number of new sensors, applications and a diverse user population also intensify concerns about the interoperability in fingerprint authentication. In most applications, fingerprints captured for user enrollment with one device may need to be "matched" with fingerprints captured with another device. We have performed a large-scale study with 494 participants whose fingerprints were captured with 4 different industry-standard optical fingerprint devices. We used two different image quality algorithms to evaluate fingerprint images, and then used three different matching algorithms to calculate match scores. In this paper we present a comprehensive analysis of dependability and interoperability attributes of fingerprint authentication and make empirically-supported recommendations on their deployment strategies.
    Keywords: fingerprint identification; image matching; message authentication; dependability attribute; fingerprint authentication; fingerprint biometric system; image quality algorithm; industry-standard optical fingerprint device; interoperability attribute; matching algorithm; mobile device; biometric systems; design diversity; empirical assessment; experimental results; interoperability (ID#:14-3113)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903613&isnumber=6903544
  • Hong, J.B.; Dong Seong Kim; Haqiq, A., "What Vulnerability Do We Need to Patch First?," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.684,689, 23-26 June 2014. doi: 10.1109/DSN.2014.68 Computing a prioritized set of vulnerabilities to patch is important for system administrators to determine the order of vulnerabilities to be patched that are more critical to the network security. One way to assess and analyze security to find vulnerabilities to be patched is to use attack representation models (ARMs). However, security solutions using ARMs are optimized for only the current state of the networked system. Therefore, the ARM must reanalyze the network security, causing multiple iterations of the same task to obtain the prioritized set of vulnerabilities to patch. To address this problem, we propose to use importance measures to rank network hosts and vulnerabilities, then combine these measures to prioritize the order of vulnerabilities to be patched. We show that nearly equivalent prioritized set of vulnerabilities can be computed in comparison to an exhaustive search method in various network scenarios, while the performance of computing the set is dramatically improved, while equivalent solutions are computed in various network scenarios.
    Keywords: security of data; ARM; attack representation models; importance measures; network hosts; network security; networked system; prioritized set; security solutions; system administrators; vulnerability patch; Analytical models; Computational modeling; Equations; Mathematical model; Measurement; Scalability; Security; Attack Representation Model; Network Centrality; Security Analysis; Security Management; Security Metrics; Vulnerability Patch (ID#:14-3114)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903625&isnumber=6903544
  • Parvania, M.; Koutsandria, G.; Muthukumary, V.; Peisert, S.; McParland, C.; Scaglione, A., "Hybrid Control Network Intrusion Detection Systems for Automated Power Distribution Systems," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.774,779, 23-26 June 2014. doi: 10.1109/DSN.2014.81 In this paper, we describe our novel use of network intrusion detection systems (NIDS) for protecting automated distribution systems (ADS) against certain types of cyber attacks in a new way. The novelty consists of using the hybrid control environment rules and model as the baseline for what is normal and what is an anomaly, tailoring the security policies to the physical operation of the system. NIDS sensors in our architecture continuously analyze traffic in the communication medium that comes from embedded controllers, checking if the data and commands exchanged conform to the expected structure of the controllers' interactions, and evolution of the system's physical state. Considering its importance in future ADSs, we chose the fault location, isolation and service restoration (FLISR) process as our distribution automation case study for the NIDS deployment. To test our scheme, we emulated the FLISR process using real programmable logic controllers (PLCs) that interact with a simulated physical infrastructure. We used this test bed to examine the capability of our NIDS approach in several attack scenarios. The experimental analysis reveals that our approach is capable of detecting various attack scenarios including the attacks initiated within the trusted perimeter of the automation network by attackers that have complete knowledge about the communication information exchanged.
    Keywords: computer crime; control engineering computing; embedded systems; fault location; power distribution control; power distribution faults; power distribution protection; power engineering computing; power system security; programmable controllers; DS; FLISR process; NIDS sensors; PLC; automated power distribution systems protection; automation network; communication information exchange; communication medium traffic; controllers interactions; cyber attacks; distribution automation; embedded controllers; fault location isolation and service restoration; hybrid control environment rules; hybrid control network intrusion detection systems; physical infrastructure; real programmable logic controllers; security policies; system physical operation; system physical state evolution; trusted perimeter; Circuit breakers; Circuit faults; IP networks; intrusion detection; Monitoring; Protocols; Power distribution systems; distribution automation; intrusion detection systems; network security (ID#:14-3115)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903640&isnumber=6903544
  • Gibson, T.; Ciraci, S.; Sharma, P.; Allwardt, C.; Rice, M.; Akyol, B., "An Integrated Security Framework for GOSS Power Grid Analytics Platform," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.786,791, 23-26 June 2014. doi: 10.1109/DSN.2014.106 In power grid operations, security is an essential component for any middleware platform. Security protects data against unwanted access as well as cyber attacks. GridOptics™ Software System (GOSS) is an open source power grid analytics platform that facilitates ease of access between applications and data sources and promotes development of advanced analytical applications. GOSS contains an API that abstracts many of the difficulties in connecting to various heterogeneous data sources. A number of applications and data sources have already been implemented to demonstrate functionality and ease of use. A security framework has been implemented which leverages widely accepted, robust Java™ security tools in a way such that they can be interchanged as needed. This framework supports the complex fine-grained access control rules identified for the diverse data sources already in GOSS. Performance and reliability are also important considerations in any power grid architecture. An evaluation is done to determine the overhead cost caused by security within GOSS and ensure minimal impact to performance.
    Keywords: Java; application program interfaces; authorisation; middleware; power grids; power system analysis computing; public domain software; API; GOSS power grid analytics platform; GridOptics software system; Java security tools; complex fine-grained access control rules; cyber attacks; integrated security framework; middleware platform; open source power grid analytics platform; power grid architecture; power grid operations; Authentication; Authorization; Organizations; Phasor measurement units; Power grids; jaas; middleware; pmu; power grid; security; smartgrid (ID#:14-3116)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903642&isnumber=6903544
  • Zhiyuan Teo; Kutsenko, V.; Birman, K.; van Renesse, R., "Ironstack: Performance, Stability and Security for Power Grid Data Networks," Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on, pp.792,797, 23-26 June 2014. doi: 10.1109/DSN.2014.83 Operators of the nationwide power grid use proprietary data networks to monitor and manage their power distribution systems. These purpose-built, wide area communication networks connect a complex array of equipment ranging from PMUs and synchrophasers to SCADA systems. Collectively, this equipment forms part of an intricate feedback system that ensures the stability of the power grid. In support of this mission, the operational requirements of these networks mandate high performance, reliability, and security. We designed Iron Stack, a system to address these concerns. By using cutting-edge software defined networking technology, Iron Stack is able to use multiple network paths to improve communications bandwidth and latency, provide seamless failure recovery, and ensure signals security. Additionally, Iron Stack is incrementally deployable and backward-compatible with existing switching infrastructure.
    Keywords: SCADA systems; computer network performance evaluation; computer network security; feedback; power distribution; power grids; IronStack; PMU; SCADA systems; communication bandwidth; communication latency; cutting-edge software defined networking technology; failure recovery; feedback system; power distribution systems; power grid data network security; power grid data network stability; proprietary data networks; switching infrastructure; synchrophasers; wide area communication networks; Bandwidth; Power grids; Process control; Redundancy; Security; Software; Switches; SDNs; high-assurance computing; network performance; security; software-defined networking (ID#:14-3117)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903643&isnumber=6903544



International Science of Security Research: China Communications 2013

China Communications 2013


In this bibliographical selection, we look at science of security research issues by highlighting a specific series of international conferences and the IEEE journals that have come out of them, rather than by key words. This inaugural set is from China Communications, an English language technical journal published by China Institute of Communications, with the stated objective of providing a global academic exchange platform for the information and communications technologies sector. The research cited is security research published in 2013.

  • He Defang; Pan Yuntao; Ma Zheng; Wang Jingting, "Sustainable Growth In China's Communications Field: Trend Analysis Of Impact Of China's Academic Publications," Communications, China, vol.10, no.3, pp.157,163, March 2013. doi: 10.1109/CC.2013.6488844 China's communications industry is an important part of the electronic information industry, and plays a significant role in the national informatization process. In 2006, China issued its National Plans for Medium and Long-term Development of Science and Technology (2006-2020) (NPMLDST). Since 2006, there has been a rapid increase in the number of citations of China's international papers in the field of communications. In accordance with the goals listed in the NPMLDST, China needs to overtake several competitors by 2020 to be among the top five countries in the field of natural science. By comparing two Essential Science Indicators (ESI) (i.e., the total number of citations and the number of citations per paper) for China and other countries, China's annual growth rate is found to exceed that of other influential countries in the field of science and technology, and exhibits evident growth-type characteristics. Besides, our study also shows that the shortage of high-quality academic papers in China is the main obstacle to improving the impact of China's academic publications.
    Keywords: citation analysis; publishing; ESI; NPMLDST; National Plans for Medium and Long-term Development of Science and Technology; academic papers; academic publications; communications field; electronic information industry; essential science indicators; growth-type characteristics; national informatization process; sustainable growth; Bibliometrics; Communication industry; Market research; Mobile communication; Publishing; Technological innovation; China's communications field; Essential Science Indicators; academic publications; citations; growth trend (ID#:14-2904)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6488844&isnumber=6488803
  • Yi, Chengqi; Bao, Yuanyuan; Jiang, Jingchi; Xue, Yibo, "Mitigation Strategy Against Cascading Failures On Social Networks," Communications, China, vol.11, no.8, pp.37,46, Aug. 2014. doi: 10.1109/CC.2014.6911086 Cascading failures are common phenomena in many of real-world networks, such as power grids, Internet, transportation networks and social networks. It's worth noting that once one or a few users on a social network are unavailable for some reasons, they are more likely to influence a large portion of social network. Therefore, an effective mitigation strategy is very critical for avoiding or reducing the impact of cascading failures. In this paper, we firstly quantify the user loads and construct the processes of cascading dynamics, then elaborate the more reasonable mechanism of sharing the extra user loads with considering the features of social networks, and further propose a novel mitigation strategy on social networks against cascading failures. Based on the real-world social network datasets, we evaluate the effectiveness and efficiency of the novel mitigation strategy. The experimental results show that this mitigation strategy can reduce the impact of cascading failures effectively and maintain the network connectivity better with lower cost. These findings are very useful for rationally advertising and may be helpful for avoiding various disasters of cascading failures on many real-world networks.
    Keywords: Educational institutions; Facebook; Power system dynamics; Power system faults; Power system protection; Twitter; betweenness centrality; cascading dynamics; cascading failures; mitigation strategy; social networks (ID#:14-2905)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6911086&isnumber=6911078
  • Guoyuan Lin; Danru Wang; Yuyu Bie; Min Lei, "MTBAC: A Mutual Trust Based Access Control Model In Cloud Computing," Communications, China, vol.11, no.4, pp.154,162, April 2014. doi: 10.1109/CC.2014.6827577 As a new computing mode, cloud computing can provide users with virtualized and scalable web services, which, however, are faced with serious security challenges. Access control is one of the most important measures to ensure the security of cloud computing. But applying the traditional access control model to the Cloud directly could not solve the uncertainty and vulnerability caused by the open conditions of cloud computing. In a cloud computing environment, only when the security and reliability of both interaction parties are ensured can data security be effectively guaranteed during interactions between users and the Cloud. Therefore, building a mutual trust relationship between users and the cloud platform is the key to implementing new kinds of access control methods in a cloud computing environment. Combining with Trust Management (TM), a mutual trust based access control (MTBAC) model is proposed in this paper. The MTBAC model takes both the user's behavior trust and the cloud services node's credibility into consideration. Trust relationships between users and cloud service nodes are established by a mutual trust mechanism. Security problems of access control are solved by implementing the MTBAC model in a cloud computing environment. Simulation experiments show that the MTBAC model can guarantee the interaction between users and cloud service nodes.
    Keywords: Web services; authorisation; cloud computing; virtualisation; MTBAC model; cloud computing environment; cloud computing security; cloud service node credibility; data security; mutual trust based access control model; mutual trust mechanism; mutual trust relationship; open conditions; scalable Web services; trust management; user behavior trust; virtualized Web services; Computational modeling; Reliability; Time-frequency analysis; MTBAC; access control; cloud computing; mutual trust mechanism; trust model (ID#:14-2906)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6827577&isnumber=6827540
  • Huang Qinlong; Ma Zhaofeng; Yang Yixian; Niu Xinxin; Fu Jingyi, "Improving Security And Efficiency For Encrypted Data Sharing In Online Social Networks," Communications, China, vol.11, no.3, pp.104,117, March 2014. doi: 10.1109/CC.2014.6825263 Despite that existing data sharing systems in online social networks (OSNs) propose to encrypt data before sharing, the multiparty access control of encrypted data has become a challenging issue. In this paper, we propose a secure data sharing scheme in OSNs based on ciphertext-policy attribute-based proxy re-encryption and secret sharing. In order to protect users' sensitive data, our scheme allows users to customize access policies of their data and then outsource encrypted data to the OSNs service provider. Our scheme presents a multiparty access control model, which enables the disseminator to update the access policy of ciphertext if their attributes satisfy the existing access policy. Further, we present a partial decryption construction in which the computation overhead of user is largely reduced by delegating most of the decryption operations to the OSNs service provider. We also provide checkability on the results returned from the OSNs service provider to guarantee the correctness of partial decrypted ciphertext. Moreover, our scheme presents an efficient attribute revocation method that achieves both forward and backward secrecy. The security and performance analysis results indicate that the proposed scheme is secure and efficient in OSNs.
    Keywords: authorization; cryptography; social networking (online); attribute based proxy reencryption; ciphertext policy; data security; decryption operations; encrypted data sharing efficiency; multiparty access control model; online social networks; secret sharing; secure data sharing; Access control; Amplitude shift keying; Data sharing; Encryption; Social network services; attribute revocation; attribute-based encryption; data sharing; multiparty access control; online social networks (ID#:14-2907)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6825263&isnumber=6825249
  • Huifang, Chen; Lei, Xie; Xiong, Ni, "Reputation-Based Hierarchically Cooperative Spectrum Sensing Scheme In Cognitive Radio Networks," Communications, China, vol.11, no. 1, pp. 12, 25, Jan. 2014. doi: 10.1109/CC.2014.6821304 Cooperative spectrum sensing in cognitive radio is investigated to improve the detection performance of Primary User (PU). Meanwhile, cluster-based hierarchical cooperation is introduced for reducing the overhead as well as maintaining a certain level of sensing performance. However, in existing hierarchically cooperative spectrum sensing algorithms, the robustness problem of the system is seldom considered. In this paper, we propose a reputation-based hierarchically cooperative spectrum sensing scheme in Cognitive Radio Networks (CRNs). Before spectrum sensing, clusters are grouped based on the location correlation coefficients of Secondary Users (SUs). In the proposed scheme, there are two levels of cooperation, the first one is performed within a cluster and the second one is carried out among clusters. With the reputation mechanism and modified MAJORITY rule in the second level cooperation, the proposed scheme can not only relieve the influence of the shadowing, but also eliminate the impact of the PU emulation attack on a relatively large scale. Simulation results show that, in the scenarios with deep-shadowing or multiple attacked SUs, our proposed scheme achieves a better tradeoff between the system robustness and the energy saving compared with those conventionally cooperative sensing schemes.
    Keywords: Clustering methods; Cognitive radio; Correlation; Correlation coefficient; Robustness; Shadow mapping; Spread spectrum management; cluster; cognitive radio networks; cooperative spectrum sensing; location correlation; reputation (ID#:14-2908)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6821304&isnumber=6821299
  • Cao Wanpeng; Bi Wei, "Adaptive And Dynamic Mobile Phone Data Encryption Method," Communications, China, vol.11, no.1, pp.103, 109, Jan. 2014. doi: 10.1109/CC.2014.6821312 To enhance the security of user data in the clouds, we present an adaptive and dynamic data encryption method to encrypt user data in the mobile phone before it is uploaded. Firstly, the adopted data encryption algorithm is not static and uniform. For each encryption, this algorithm is adaptively and dynamically selected from the algorithm set in the mobile phone encryption system. From the mobile phone's character, the detail encryption algorithm selection strategy is confirmed based on the user's mobile phone hardware information, personalization information and a pseudo-random number. Secondly, the data is rearranged with a randomly selected start position in the data before being encrypted. The start position's randomness makes the mobile phone data encryption safer. Thirdly, the rearranged data is encrypted by the selected algorithm and generated key. Finally, the analysis shows this method possesses the higher security because the more dynamics and randomness are adaptively added into the encryption process.
    Keywords: cloud computing; cryptography; data protection; mobile computing; mobile handsets; random functions; detail encryption algorithm selection strategy; mobile phone data encryption method; mobile phone encryption system; mobile phone hardware information; personalization information; pseudorandom number; user data security; Encryption; Heuristic algorithms; Mobile communication; Mobile handsets; Network security; cloud storage; data encryption; mobile phone; pseudo-random number (ID#:14-2909)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6821312&isnumber=6821299
  • Shang Tao; Pei Hengli; Liu Jianwei, "Secure Network Coding Based On Lattice Signature," Communications, China, vol.11, no.1, pp.138, 151, Jan. 2014. doi: 10.1109/CC.2014.6821316 To provide a high-security guarantee to network coding and lower the computing complexity induced by signature scheme, we take full advantage of homomorphic property to build lattice signature schemes and secure network coding algorithms. Firstly, by means of the distance between the message and its signature in a lattice, we propose a Distance-based Secure Network Coding (DSNC) algorithm and stipulate its security to a new hard problem Fixed Length Vector Problem (FLVP), which is harder than Shortest Vector Problem (SVP) on lattices. Secondly, considering the boundary on the distance between the message and its signature, we further propose an efficient Boundary-based Secure Network Coding (BSNC) algorithm to reduce the computing complexity induced by square calculation in DSNC. Simulation results and security analysis show that the proposed signature schemes have stronger unforgeability due to the natural property of lattices than traditional Rivest-Shamir-Adleman (RSA)-based signature scheme. DSNC algorithm is more secure and BSNC algorithm greatly reduces the time cost on computation.
    Keywords: computational complexity; digital signatures; network coding; telecommunication security; BSNC; DSNC; FLVP; boundary-based secure network coding; computing complexity; distance-based secure network coding; fixed length vector problem; hard problem; high-security guarantee; homomorphic property; lattice signature; signature scheme; Algorithm design and analysis; Cryptography; Lattices; Network coding; Network security; fixed length vector problem; lattice signature; pollution attack; secure network coding (ID#:14-2910)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6821316&isnumber=6821299
  • Jingzheng, Huang; Zhenqiang, Yin; Wei, Chen; Shuang, Wang; Hongwei, Li; Guangcan, Guo; Zhengfu, Han, "A Survey On Device-Independent Quantum Communications," Communications, China, vol.10, no.2, pp.1,10, Feb. 2013. doi: 10.1109/CC.2013.6472853 Quantum communications helps us to enhance the security and efficiency of communications and to deepen our understanding of quantum physics. Its rapid development in recent years has attracted the interest of researchers from diverse fields such as physics, mathematics, and computer science. We review the background and current state of quantum communications technology, with an emphasis on quantum key distribution, quantum random number generation, and a relatively hot topic: device independent protocols.
    Keywords: Cryptography; Detectors; Hilbert space; Network security; Photonics; Protocols; Quantum communications; device-independent; quantum communications; quantum key distribution (ID#:14-2911)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6472853&isnumber=6472848
  • Li, Yang; Chong, Xiang; Bao, Li, "Quantum Probabilistic Encryption Scheme Based On Conjugate Coding," Communications, China, vol.10, no.2, pp.19,26, Feb. 2013. doi: 10.1109/CC.2013.6472855 We present a quantum probabilistic encryption algorithm for a private-key encryption scheme based on conjugate coding of the qubit string. A probabilistic encryption algorithm is generally adopted in public-key encryption protocols. Here we consider the way it increases the unicity distance of both classical and quantum private-key encryption schemes. The security of quantum probabilistic private-key encryption schemes against two kinds of attacks is analyzed. By using the no-signalling postulate, we show that the scheme can resist attack to the key. The scheme's security against plaintext attack is also investigated by considering the information-theoretic indistinguishability of the encryption scheme. Finally, we make a conjecture regarding Breidbart's attack.
    Keywords: Cryptography; Encoding; Encryption; Private key encryption; Probabilistic logic; Public key; Quantum communications; information-theoretic indistinguishability; probabilistic encryption; quantum cryptography (ID#:14-2912)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6472855&isnumber=6472848
  • Zhi, Ma; Riguang, Leng; Zhengchao, Wei; Shuqin, Zhong, "Constructing Non-Binary Asymmetric Quantum Codes Via Graphs," Communications, China, vol.10, no.2, pp.33,41, Feb. 2013. doi: 10.1109/CC.2013.6472857 The theory of quantum error correcting codes is a primary tool for fighting decoherence and other quantum noise in quantum communication and quantum computation. Recently, the theory of quantum error correcting codes has developed rapidly and been extended to protect quantum information over asymmetric quantum channels, in which phase-shift and qubit-flip errors occur with different probabilities. In this paper, we generalize the construction of symmetric quantum codes via graphs (or matrices) to the asymmetric case, converting the construction of asymmetric quantum codes to finding matrices with some special properties. We also propose some asymmetric quantum Maximal Distance Separable (MDS) codes as examples constructed in this way.
    Keywords: Cryptography; Matrix converters; Measurement; Quantum communications; Quantum computing; Quantum mechanics; Symmetric matrices; asymmetric quantum codes; graph construction; quantum MDS codes (ID#:14-2913)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6472857&isnumber=6472848
  • Liaojun, Pang; Huixian, Li; Qingqi, Pei; Nengbin, Liu; Yumin, Wang, "Fair Data Collection Scheme In Wireless Sensor Networks," Communications, China, vol.10, no.2, pp.112,120, Feb. 2013. doi: 10.1109/CC.2013.6472863 To solve the slow congestion detection and rate convergence problems in the existing rate control based fair data collection schemes, a new fair data collection scheme is proposed, which is named the improved scheme with fairness or ISWF for short. In ISWF, a quick congestion detection method, which combines the queue length with traffic changes of a node, is used to solve the slow congestion detection problem, and a new solution, which adjusts the rate of sending data of a node by monitoring the channel utilization rate, is used to solve the slow convergence problem. At the same time, the probability selection method is used in ISWF to achieve the fairness of channel bandwidth utilization. Experiment and simulation results show that ISWF can effectively reduce the reaction time in detecting congestion and shorten the rate convergence process. Compared with the existing tree-based fair data collection schemes, ISWF can achieve better fairness in data collection and reduce the transmission delay effectively, and at the same time, it can increase the average network throughput by 9.1% or more.
    Keywords: Bandwidth; Congestion control; Data collection; Data communication; Interference; Telecommunication traffic; Throughput; Wireless sensor networks; congestion detection; fairness; probability selection; rate control; wireless sensor networks (ID#:14-2914)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6472863&isnumber=6472848
  • Xiaoyun, Chen; Yujie, Su; Xiaosheng, Tang; Xiaohong, Huang; Yan, Ma, "On Measuring The Privacy Of Anonymized Data In Multiparty Network Data Sharing," Communications, China, vol.10, no.5, pp.120,127, May 2013. doi: 10.1109/CC.2013.6520944 This paper aims to find a practical way of quantitatively representing the privacy of network data. A method of quantifying the privacy of network data anonymization based on similarity distance and entropy in the scenario involving multiparty network data sharing with Trusted Third Party (TTP) is proposed. Simulations are then conducted using network data from different sources, and show that the measurement indicators defined in this paper can adequately quantify the privacy of the network. In particular, it can indicate the effect of the auxiliary information of the adversary on privacy.
    Keywords: Data privacy; Entropy; IP networks; Ports (Computers); Privacy; Probability distribution; Workstations; multiparty network data sharing; network data anonymization; privacy (ID#:14-2915)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6520944&isnumber=6520928
  • Lu Gang; Zhang Hongli; Zhang Yu; Qassrawi, M.T.; Yu Xiangzhan; Peng Lizhi, "Automatically Mining Application Signatures For Lightweight Deep Packet Inspection," Communications, China, vol.10, no.6, pp.86,99, June 2013. doi: 10.1109/CC.2013.6549262 Automatic signature generation approaches have been widely applied in recent traffic classification. However, they are not suitable for LightWeight Deep Packet Inspection (LW_DPI) since their generated signatures are matched through a search of the entire application data. On the basis of LW_DPI schemes, we present two Hierarchical Clustering (HC) algorithms: HC_TCP and HC_UDP, which can generate byte signatures from TCP and UDP packet payloads respectively. In particular, HC_TCP and HC_UDP can extract the positions of byte signatures in packet payloads. Further, in order to deal with the case in which byte signatures cannot be derived, we develop an algorithm for generating bit signatures. Compared with the LASER algorithm and Suffix Tree (ST)-based algorithm, the proposed algorithms are better in terms of both classification accuracy and speed. Moreover, the experimental results indicate that, as long as the application-protocol header exists, it is possible to automatically derive reliable and accurate signatures combined with their positions in packet payloads.
    Keywords: Internet; data mining; inspection; telecommunication traffic; transport protocols; HC_TCP; HC_UDP; LASER algorithm; LW_DPI; application protocol header; application signatures; automatic signature generation; byte signatures; classification accuracy; hierarchical clustering; lightweight deep packet inspection; packet payloads; traffic classification; Classification algorithms; Clustering algorithms; Machine learning algorithms; Payloads; Ports (Computers); Telecommunication traffic; Training; LW_DPI; association mining; automatic signature generation; hierarchical clustering; traffic classification (ID#:14-2916)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6549262&isnumber=6549247
  • Wang Li; Ma Xin; Ma Yue; Teng Yinglei; Zhang Yong, "Security-oriented Transmission Based On Cooperative Relays In Cognitive Radio," Communications, China, vol.10, no.8, pp.27, 35, Aug. 2013 doi: 10.1109/CC.2013.6633742 In this paper, we propose a security-oriented transmission scheme with the help of multiple relays in Cognitive Radio (CR). To maximise the Secrecy Capacity (SC) of the source-destination link in CR, both beamforming and cooperative jamming technologies are used to improve the performance of the Secondary User (SU) and protect the Primary User (PU). The effectiveness of the proposed scheme is demonstrated using extensive simulation. Both theoretical analyses and simulation results reveal that the proposed scheme contributes to the secure transmission of the SU with acceptable attenuation of the Signal-to-Noise Ratio (SNR) at the PU receiver, and the upper bound of the SC at the SU receiver is able to exploit the power allocation strategy.
    Keywords: array signal processing; cognitive radio; cooperative communication; jamming; relay networks (telecommunication); resource allocation; telecommunication security; SNR; SU receiver; beamforming; cognitive radio; cooperative jamming; cooperative relays; power allocation strategy; primary user; secondary user; secrecy capacity; security-oriented transmission scheme; signal-to-noise ratio; source-destination link; Interference; Jamming; Network security; Receivers; Relays; Resource management; Signal to noise ratio; CR; SC; acceptable SNR attenuation level; power allocation (ID#:14-2917)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6633742&isnumber=6633733
  • Liu Guangjun; Wang Bin, "Secure Network Coding Against Intra/Inter-Generation Pollution Attacks," Communications, China, vol.10, no.8, pp.100, 110, Aug. 2013. doi: 10.1109/CC.2013.6633749 By allowing routers to combine the received packets before forwarding them, network coding-based applications are susceptible to possible malicious pollution attacks. Existing solutions for counteracting this issue either incur inter-generation pollution attacks (among multiple generations) or suffer high computation/bandwidth overhead. Using a dynamic public key technique, we propose a novel homomorphic signature scheme for network coding for each generation authentication without updating the initial secret key used. As per this idea, the secret key is scrambled for each generation by using the generation identifier, and each packet can be fast signed using the scrambled secret key for the generation to which the packet belongs. The scheme not only can resist intra-generation pollution attacks effectively but also can efficiently prevent inter-generation pollution attacks. Further, the communication overhead of the scheme is small and independent of the size of the transmitting files.
    Keywords: authorisation; network coding; public key cryptography; telecommunication security; communication overhead; dynamic public key technique; generation authentication; generation identifier; homomorphic signature; inter-generation pollution attacks; intra-generation pollution attacks; malicious pollution attacks; multiple generations; received packets; scrambled secret key; secure network coding; Authentication; Computer viruses; Network coding; Network security; Public key; authentication; homomorphic cryptography; homomorphic signature; network coding; pollution attacks (ID#:14-2918)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6633749&isnumber=6633733
  • Zhou Conghua; Cao Meiling, "Analysis of Fast And Secure Protocol Based On Continuous-Time Markov Chain," Communications, China, vol.10, no.8, pp.137,149, Aug. 2013. doi: 10.1109/CC.2013.6633752 To provide an optimal alternative to traditional Transmission Control Protocol (TCP)-based transport technologies, Aspera's Fast and Secure Protocol (FASP) is proposed as an innovative bulky data transport technology. To accurately analyse the reliability and rapidness of FASP, an automated formal technique, probabilistic model checking, is used for formally analysing FASP in this paper. First, FASP's transmission process is decomposed into three modules: the Sender, the Receiver and the transmission Channel. Each module is then modelled as a Continuous-Time Markov Chain (CTMC). Second, the reward structure for CTMC is introduced so that the reliability and rapidness can be specified with the Continuous-time Stochastic Logic (CSL). Finally, the probabilistic model checker, PRISM is used for analysing the impact of different parameters on the reliability and rapidness of FASP. The probability that the Sender finishes sending data and the Receiver successfully receives data is always 1, which indicates that FASP can transport data reliably. The result that FASP takes approximately 10 s to complete transferring the file of 1 G irrespective of the network configuration shows that FASP can transport data very quickly. Further, by the comparison of throughput between FASP and TCP under various latency and packet loss conditions, FASP's throughput is shown to be perfectly independent of network delays and robust to extreme packet loss.
    Keywords: Markov processes; formal verification; probability; telecommunication network reliability; transport protocols; automated formal technique; continuous time Markov chain; continuous time stochastic logic; fast and secure protocol; innovative bulky data transport technology; network delays; packet loss conditions; probabilistic model checking; transmission control protocol; Markov processes; Model checking; Packet loss; Probabilistic logic; Protocols; Reliability; Throughput; CTMC; FASP; PRISM; probabilistic model checking (ID#:14-2919)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6633752&isnumber=6633733
  • Shi Wenhua; Zhang Xiaohang; Gong Xue; Lv Tingjie, "Identifying Fake And Potential Corporate Members In Telecommunications Operators," Communications, China, vol.10, no.8, pp.150, 157, Aug. 2013 doi: 10.1109/CC.2013.6633753 Nowadays, mobile operators in China mainland are facing fierce competition from one to another, and their focus of customer competition has, in general, shifted from public to corporate customers. One big challenge in corporate customer management is how to identify fake corporate members and potential corporate members from corporate customers. In this study, we have proposed an identification method that combines the rule-based and probabilistic methods. Through this method, fake corporate members can be eliminated and external potential members can be mined. The experimental results based on the data obtained from a local mobile operator revealed that the proposed method can effectively and efficiently identify fake and potential corporate members. The proposed method can be used to improve the management of corporate customers.
    Keywords: customer relationship management; identification; knowledge based systems; probability; telecommunication industry; telecommunication network management; China mainland; corporate customer management; customer competition; fake corporate members; identification method; mobile operators; potential corporate members; probabilistic methods; public customers; rule-based methods; Base stations; Consumer behavior; Customer profiles; Information technology; Mobile communication; Probabilistic logic; Telecommunication services; corporate customer; fake-member identification; kernel density estimation; rule-based method (ID#:14-2920)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6633753&isnumber=6633733
  • Wang Houtian; Zhang Qi; Xin Xiangjun; Tao Ying; Liu Naijin, "Cross-layer Design And Ant-Colony Optimization Based Routing Algorithm For Low Earth Orbit Satellite Networks," Communications, China, vol.10, no.10, pp.37, 46, Oct. 2013. doi: 10.1109/CC.2013.6650318 To improve the robustness of the Low Earth Orbit (LEO) satellites networks and realise load balancing, a Cross-layer design and Ant-colony optimization based Load-balancing routing algorithm for LEO Satellite Networks (CAL-LSN) is proposed in this paper. In CAL-LSN, mobile agents are used to gather routing information actively. CAL-LSN can utilise the information of the physical layer to make routing decision during the route construction phase. In order to achieve load balancing, CAL-LSN makes use of a multi-objective optimization model. Meanwhile, how to take the value of some key parameters is discussed while designing the algorithm so as to improve the reliability. The performance is measured by the packet delivery rate, the end-to-end delay, the link utilization and delay jitter. Simulation results show that CAL-LSN performs well in balancing traffic load and increasing the packet delivery rate. Meanwhile, the end-to-end delay and delay jitter performance can meet the requirement of video transmission.
    Keywords: ant colony optimisation; delays; jitter; resource allocation; satellite links; telecommunication network reliability; telecommunication network routing; video communication; CAL-LSN; LEO satellite; ant-colony optimization; cross-layer design; delay jitter performance; end-to-end delay; link utilization; low earth orbit satellite network; mobile agent; multiobjective optimization model; packet delivery rate; reliability; robustness; traffic load-balancing routing algorithm; video transmission; Algorithm design and analysis; Delays; Low earth orbit satellites; Optimization; Routing; Satellite broadcasting; LEO satellite networks; Quality of Service; ant-colony algorithm; cross-layer design; load balancing (ID#:14-2921)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6650318&isnumber=6650308
  • Fang Enbo; Han Caiyun; Liu Jiayong, "Auto-aligned Sharing Fuzzy Fingerprint Vault," Communications, China, vol.10, no.10, pp.145, 154, Oct. 2013. doi: 10.1109/CC.2013.6650327 Recently, a cryptographic construct, called fuzzy vault, has been proposed for crypto-biometric systems, and some implementations for fingerprint have been reported to protect the stored fingerprint template by hiding the fingerprint features. However, all previous studies assumed that fingerprint features were pre-aligned, and automatic alignment in the fuzzy vault domain is a challenging issue. In this paper, an auto-aligned sharing fuzzy fingerprint vault based on a geometric hashing technique is proposed to address automatic alignment in the multiple-control fuzzy vault with a compartmented structure. The vulnerability analysis and experimental results indicate that, compared with original multiple-control fuzzy vault, the auto-aligned sharing fuzzy fingerprint vault can improve the security of the system.
    Keywords: cryptography; fingerprint identification; image matching; auto-aligned sharing fuzzy fingerprint vault; automatic alignment; compartmented structure; crypto-biometric systems; cryptographic construct; fingerprint features; geometric hashing technique; multiple-control fuzzy vault; stored fingerprint template; vulnerability analysis; Authentication; Bioinformatics; Biometrics (access control); Cryptography; Fingerprint recognition; auto-aligned sharing fuzzy fingerprint vault; biometrics; fingerprint; geometric hashing (ID#:14-2922)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6650327&isnumber=6650308
  • Qi Yanfeng; Tang Chunming; Lou Yu; Xu Maozhi; Guo Baoan, "Certificateless Proxy Identity-Based Signcryption Scheme Without Bilinear Pairings," Communications, China, vol.10, no.11, pp.37, 41, Nov. 2013. doi: 10.1109/CC.2013.6674208 Signcryption, which was introduced by ZHENG, is a cryptographic primitive that fulfils the functions of both digital signature and encryption and guarantees confidentiality, integrity and non-repudiation in a more efficient way. Certificateless signcryption and proxy signcryption in identity-based cryptography were proposed for different applications. Most of these schemes are constructed by bilinear pairings from elliptic curves. However, some schemes were recently presented without pairings. In this paper, we present a certificateless proxy identity-based signcryption scheme without bilinear pairings, which is efficient and secure.
    Keywords: digital signatures; public key cryptography; certificateless proxy identity-based signcryption scheme; confidentiality; cryptographic primitive; digital signature; elliptic curve discrete logarithm problem; encryption; identity-based cryptography; integrity; nonrepudiation; Elliptic curve cryptography; Elliptic curves; Information security; certificateless signcryption; elliptic curve discrete logarithm problem; identity-based cryptography; proxy signcryption (ID#:14-2923)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6674208&isnumber=6674198
  • Zou Futai; Zhang Siyu; Rao Weixiong, "Hybrid Detection And Tracking Of Fast-Flux Botnet On Domain Name System Traffic," Communications, China, vol.10, no.11, pp.81,94, Nov. 2013. doi: 10.1109/CC.2013.6674213 Fast-flux is a Domain Name System (DNS) technique used by botnets to organise compromised hosts into a high-availability, load-balancing network that is similar to Content Delivery Networks (CDNs). Fast-Flux Service Networks (FFSNs) are usually used as proxies of phishing websites and malwares, and hide upstream servers that host actual content. In this paper, by analysing recursive DNS traffic, we develop a fast-flux domain detection method which combines both real-time detection and long-term monitoring. Experimental results demonstrate that our solution can achieve significantly higher detection accuracy values than previous flux-score based algorithms, and is lightweight in terms of resource consumption. We evaluate the performance of the proposed fast-flux detection and tracking solution during a 180-day period of deployment on our university's DNS servers. Based on the tracking results, we successfully identify the changes in the distribution of FFSN and their roles in recent Internet attacks.
    Keywords: Internet; Web sites; computer network security; invasive software; network servers; resource allocation; telecommunication traffic; DNS servers; DNS technique; FFSNs; Internet attacks; domain name system traffic; fast-flux botnet; fast-flux detection; fast-flux domain detection method; fast-flux service networks; hide upstream servers; hybrid detection; hybrid tracking; load-balancing network; long-term monitoring; malwares; performance evaluation; phishing Web sites; real-time detection; recursive DNS traffic; resource consumption; time 180 day; tracking solution; Classification algorithms; Decision trees; Feature extraction; IP networks; Real-time systems; Telecommunication traffic; botnet; domain name system; fast-flux (ID#:14-2924)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6674213&isnumber=6674198
  • Ye Na; Zhao Yinliang; Dong Lili; Bian Genqing; Enjie Liu; Clapworthy, G.J., "User Identification Based On Multiple Attribute Decision Making In Social Networks," Communications, China, vol.10, no.12, pp.37, 49, Dec. 2013. doi: 10.1109/CC.2013.6723877 Social networks are becoming increasingly popular and influential, and users are frequently registered on multiple networks simultaneously, in many cases leaving large quantities of personal information on each network. There is also a trend towards the personalization of web applications; to do this, the applications need to acquire information about the particular user. To maximise the use of the various sets of user information distributed on the web, this paper proposes a method to support the reuse and sharing of user profiles by different applications, and is based on user profile integration. To realize this goal, the initial task is user identification, and this forms the focus of the current paper. A new user identification method based on Multiple Attribute Decision Making (MADM) is described in which a subjective weight-directed objective weighting, which is obtained from the Similarity Weight method, is proposed to determine the relative weights of the common properties. Attribute Synthetic Evaluation is used to determine the equivalence of users. Experimental results show that the method is both feasible and effective despite the incompleteness of the candidate user dataset.
    Keywords: decision making; social networking (online); MADM; Web application personalization; attribute synthetic evaluation; multiple attribute decision making; similarity weight method; social network; subjective weight-directed objective weighting; user identification; user profile integration; user profile reusing; user profile sharing; Communication systems; Competitive intelligence; Decision making; Electronic mail; Facebook; Identification; Information technology; LinkedIn; Social network services; Twitter; cooperative communication; fuzzy matching; heterogeneous networks; network convergence; weighted algorithm (ID#:14-2925)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6723877&isnumber=6723867
  • Ghosh, A.; Gottlieb, Y.M.; Naidu, A.; Vashist, A.; Poylisher, A.; Kubota, A.; Sawaya, Y.; Yamada, A., "Managing High Volume Data For Network Attack Detection Using Real-Time Flow Filtering," Communications, China, vol.10, no.3, pp.56,66, March 2013. doi: 10.1109/CC.2013.6488830 In this paper, we present Real-Time Flow Filter (RTFF), a system that adopts a middle ground between coarse-grained volume anomaly detection and deep packet inspection. RTFF was designed with the goal of scaling to high volume data feeds that are common in large Tier-1 ISP networks and providing rich, timely information on observed attacks. It is a software solution that is designed to run on off-the-shelf hardware platforms and incorporates a scalable data processing architecture along with lightweight analysis algorithms that make it suitable for deployment in large networks. RTFF also makes use of state of the art machine learning algorithms to construct attack models that can be used to detect as well as predict attacks.
    Keywords: Internet; computer network management; computer network security; Internet service provider; RTFF; Tier-1 ISP networks; coarse-grained volume anomaly detection; deep packet inspection; high volume data feeds; high volume data management; machine learning algorithms; network attack detection; off-the-shelf hardware platforms; real-time flow filtering; scalable data processing architecture; software solution; Data processing; Filters; Intrusion detection; Network architecture; Network security; Real-time systems; Security; intrusion detection; network security; scaling (ID#:14-2926)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6488830&isnumber=6488803



International Science of Security Research: China Communications 2014

China Communications 2014


In this bibliographical selection, we look at science of security research issues that highlight a specific series of international conferences and the IEEE journals that have come out of them, rather than at keywords. This inaugural set is from China Communications, an English-language technical journal published by the China Institute of Communications, with the stated objective of providing a global academic exchange platform for those involved in the information and communications technologies sector. The research cited is security research published in 2014.

  • Yang Yu; Lei Min; Cheng Mingzhi; Liu Bohuai; Lin Guoyuan; Xiao Da, "An Audio Zero-Watermark Scheme Based On Energy Comparing," Communications, China, vol.11, no.7, pp.110,116, July 2014. doi: 10.1109/CC.2014.6895390 Zero-watermark technique, embedding watermark without modifying carriers, has been broadly applied for copyright protection of images. However, there is little research on audio zero-watermark. This paper proposes an audio zero-watermark scheme based on energy relationship between adjacent audio sections. Taking use of discrete wavelet transformation (DWT), it gets power approximations, or energies, of audio segments. Then, it extracts the audio profile, i.e. the zero-watermark, according to the relative size of energies of consecutive fragments. The experimental results demonstrate that the proposed scheme is robust against general malicious attacks including noise addition, resampling, low-pass filtering, etc., and this approach effectively solves the contradiction between inaudibility and robustness.
    Keywords: approximation theory; audio watermarking; discrete wavelet transforms; DWT; audio profile extraction; audio sections; audio segment energies; audio zero-watermark scheme; consecutive fragments; discrete wavelet transformation; energy comparing; energy relationship; general malicious attacks; power approximations; relative energy size; watermark embedding; Arrays; Bit error rate; Digital audio players; Discrete wavelet transforms; Filtering; Robustness; Watermarking; audio watermarking scheme; energy comparing; zero-watermark (ID#:14-3118)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6895390&isnumber=6895376
  • Zou Weixia; Guo Chao; Du Guanglong; Wang Zhenyu; Gao Ying, "A New Codebook Design Scheme For Fast Beam Searching In Millimeter-Wave Communications," Communications, China, vol.11, no.6, pp.12, 22, June 2014. doi: 10.1109/CC.2014.6878999 To overcome imperfection of exhaustive based beam searching scheme in IEEE 802.15.3c and IEEE 802.11ad and accelerate the beam training process, combined with the fast beam searching algorithm previously proposed, this paper proposed a beam codebook design scheme for phased array to not only satisfy the fast beam searching algorithm's demand, but also make good use of the advantage of the searching algorithm. The simulation results prove that the proposed scheme not only performs well on flexibility and searching time complexity, but also has high success ratio.
    Keywords: antenna phased arrays; codes; radio networks; search problems; wireless LAN; IEEE 802.11ad standard; IEEE 802.15.3c standard; antenna element; beam codebook design scheme; beam training process; fast beam searching scheme; millimeter-wave communication; phased array; wireless communication; Array signal processing; Millimeter wave measurements; Particle beams; Receivers; Signal to noise ratio; Wireless communication; Wireless networks; 60GHz; beam codebook design; beam searching; beam-forming; phased array; wireless communication (ID#:14-3119)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6878999&isnumber=6878993
  • Zhao Feng; Li Jingling, "Performance of an Improved One-Way Error Reconciliation Protocol Based On Key Redistribution," Communications, China, vol.11, no.6, pp.63,70, June 2014. doi: 10.1109/CC.2014.6879004 In data post-processing for quantum key distribution, it is essential to have a highly efficient error reconciliation protocol. Based on the key redistribution scheme, we analyze a one-way error reconciliation protocol by data simulation. The relationship between the error correction capability and the key generation efficiency of three kinds of Hamming code are demonstrated. The simulation results indicate that when the initial error rates are (0,1.5%], (1.5,4%], and (4,11%], using the Hamming (31,26), (15,11), and (7,4) codes to correct the error, respectively, the key generation rate will be maximized. Based on this, we propose a modified one-way error reconciliation protocol which employs a mixed Hamming code concatenation scheme. The error correction capability and key generation rate are verified through data simulation. Using the parameters of the posterior distribution based on the tested data, a simple method for estimating the bit error rate (BER) with a given confidence interval is estimated. The simulation results show that when the initial bit error rate is 10.00%, after 7 rounds of error correction, the error bits are eliminated completely, and the key generation rate is 10.36%; the BER expectation is 2.96 x 10^-10, and when the confidence is 95% the corresponding BER upper limit is 2.17 x 10^-9. By comparison, for the single (7,4) Hamming code error reconciliation scheme at a confidence of 95%, the key generation rate is only 6.09%, while the BER expectation is 5.92 x 10^-9, with a BER upper limit of 4.34 x 10^-8. Hence, our improved protocol is much better than the original one.
    Keywords: Hamming codes; concatenated codes; cryptographic protocols; error correction codes; error statistics; quantum cryptography; statistical distributions; BER estimation; bit error rate; confidence interval; data post-processing; data simulation; error correction capability; improved one-way error reconciliation protocol; key generation efficiency; key generation rate; key redistribution scheme; mixed Hamming code concatenation scheme; posterior distribution; quantum key distribution; single (7,4) Hamming code error reconciliation scheme; Bit error rate; Data processing; Error correction codes; Error probability; Performance evaluation; Quantum wells; data post-processing; error reconciliation; quantum key distribution (ID#:14-3120)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6879004&isnumber=6878993
  • Wang Yi; Liu Sanyang; Niu Wei; Liu Kai; Liao Yong, "Threat assessment method based on intuitionistic fuzzy similarity measurement reasoning with orientation," Communications, China, vol.11, no.6, pp.119,128, June 2014 doi: 10.1109/CC.2014.6879010 Abstract: The aim of this paper is to propose a threat assessment method based on intuitionistic fuzzy measurement reasoning with orientation to deal with the shortcomings of the method proposed in [Ying-Jie Lei et al., Journal of Electronics and Information Technology 29(9)(2007)2077-2081] and [Dong-Feng Chen et al., Procedia Engineering 29(5)(2012)3302-3306] the ignorance of the influence of the intuitionistic index's orientation on the membership functions in the reasoning, which caused partial information loss in reasoning process. Therefore, we present a 3D expression of intuitionistic fuzzy similarity measurement, make an analysis of the constraints for intuitionistic fuzzy similarity measurement, and redefine the intuitionistic fuzzy similarity measurement. Moreover, in view of the threat assessment problem, we give the system variables of attribute function and assessment index, set up the reasoning system based on intuitionistic fuzzy similarity measurement with orientation, and design the reasoning rules, reasoning algorithms and fuzzy-resolving algorithms. Finally, through the threat assessment, some typical examples are cited to verify the validity and superiority of the method.
    Keywords: constraint handling; fuzzy logic; fuzzy reasoning; security of data; assessment index; attribute function; constraints analysis; fuzzy resolving algorithm; intuitionistic fuzzy similarity measurement with orientation; reasoning algorithms; reasoning rules; system variables; threat assessment method; Algorithm design and analysis; Cognition; Extraterrestrial measurements; Fuzzy reasoning; Fuzzy sets; Three-dimensional displays; Intuitionistic fuzzy reasoning; Orientation; Similarity measurement; Threat assessment (ID#:14-3121)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6879010&isnumber=6878993
  • Li Wei; Tao Zhi; Gu Dawu; Sun Li; Qu Bo; Liu Zhiqiang; Liu Ya, "An Effective Differential Fault Analysis On The Serpent Cryptosystem in the Internet of Things," Communications, China, vol.11, no.6, pp.129,139, June 2014. doi: 10.1109/CC.2014.6879011 Due to the strong attacking ability, fast speed, simple implementation and other characteristics, differential fault analysis has become an important method to evaluate the security of cryptosystem in the Internet of Things. As one of the AES finalists, the Serpent is a 128-bit Substitution-Permutation Network (SPN) cryptosystem. It has 32 rounds with the variable key length between 0 and 256 bits, which is flexible to provide security in the Internet of Things. On the basis of the byte-oriented model and the differential analysis, we propose an effective differential fault attack on the Serpent cryptosystem. Mathematical analysis and simulating experiment show that the attack could recover its secret key by introducing 48 faulty ciphertexts. The result in this study describes that the Serpent is vulnerable to differential fault analysis in detail. It will be beneficial to the analysis of the same type of other iterated cryptosystems.
    Keywords: Internet of Things; computer network security; mathematical analysis; private key cryptography; Internet of Things; SPN cryptosystem; Serpent cryptosystem; byte-oriented model; cryptosystem security; differential fault analysis; differential fault attack; faulty ciphertexts; mathematical analysis; secret key recovery; substitution-permutation network cryptosystem; word length 0 bit to 256 bit; Educational institutions; Encryption; Internet of Things; Schedules; cryptanalysis; differential fault analysis; internet of things; serpent (ID#:14-3122)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6879011&isnumber=6878993
  • Seongwon Han; Youngtae Noh; Liang, R.; Chen, R.; Yung-Ju Cheng; Gerla, M., "Evaluation of Underwater Optical-Acoustic Hybrid Network," Communications, China, vol.11, no.5, pp.49,59, May 2014. doi: 10.1109/CC.2014.6880460 The deployment of underwater networks allows researchers to collect explorative and monitoring data on underwater ecosystems. The acoustic medium has been widely adopted in current research and commercial uses, while the optical medium remains experimental only. According to our survey on the properties of acoustic and optical communications and preliminary simulation results have shown significant trade-offs between bandwidth, propagation delay, power consumption, and effective communication range. We propose a hybrid solution that combines the use of acoustic and optical communication in order to overcome the bandwidth limitation of the acoustic channel by enabling optical communication with the help of acoustic-assisted alignment between optical transmitters and receivers.
    Keywords: optical receivers; optical transmitters; underwater acoustic communication; underwater optical wireless communication; acoustic communication; acoustic communications; acoustic medium; bandwidth; monitoring data; optical communication; optical communications; optical medium; optical receivers; optical transmitters; power consumption; propagation delay; underwater ecosystems; underwater optical acoustic hybrid network; Acoustics; Attenuation; Optical attenuators; Optical fiber communication; Optical receivers; Optical transmitters; acoustic communication; optical communication; underwater (ID#:14-3123)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6880460&isnumber=6880452
  • Tian Zhihong; Jiang Wei; Li Yang; Dong Lan, "A Digital Evidence Fusion Method In Network Forensics Systems With Dempster-Shafer Theory," Communications, China, vol.11, no.5, pp.91, 97, May 2014. doi: 10.1109/CC.2014.6880464 Network intrusion forensics is an important extension to present security infrastructure, and is becoming the focus of forensics research field. However, comparison with sophisticated multi-stage attacks and volume of sensor data, current practices in network forensic analysis are to manually examine, an error prone, labor-intensive and time consuming process. To solve these problems, in this paper we propose a digital evidence fusion method for network forensics with Dempster-Shafer theory that can detect efficiently computer crime in networked environments, and fuse digital evidence from different sources such as hosts and sub-networks automatically. In the end, we evaluate the method on well-known KDD Cup 1999 dataset. The results prove our method is very effective for real-time network forensics, and can provide comprehensible messages for a forensic investigator.
    Keywords: computer crime; computer network security; digital forensics; inference mechanisms; Dempster-Shafer theory; KDD Cup dataset; comprehensible messages; computer crime detection; digital evidence fusion method; network intrusion forensic systems; networked environments; security infrastructure; Algorithm design and analysis; Computer crime; Computer security; Digital forensics; Digital systems; Forensics; Support vector machines; dempster-shafer theory; digital evidence; fusion; network forensics; security (ID#:14-3124)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6880464&isnumber=6880452
  • Hu Ziquan; She Kun; Wang Jianghua; Tang Jianguo, "Game Theory Based False Negative Probability Of Embedded Watermark Under Unintentional And Steganalysis Attacks," Communications, China, vol. 11, no. 5, pp.114, 123, May 2014. doi: 10.1109/CC.2014.6880467 Steganalysis attack is to statistically estimate the embedded watermark in the watermarked multimedia, and the estimated watermark may be destroyed by the attacker. The existing methods of false negative probability, however, do not consider the influence of steganalysis attack. This paper proposed the game theory based false negative probability to estimate the impacts of steganalysis attack, as well as unintentional attack. Specifically, game theory was used to model the collision between the embedment and steganalysis attack, and derive the optimal building/embedding/attacking strategy. Such optimal playing strategies devote to calculating the attacker destructed watermark, used for calculation of the game theory based false negative probability. The experimental results show that watermark detection reliability measured using our proposed method, in comparison, can better reflect the real scenario in which the embedded watermark undergoes unintentional attack and the attacker using steganalysis attack. This paper provides a foundation for investigating countermeasures of digital watermarking community against steganalysis attack.
    Keywords: game theory; multimedia communication; probability; steganography; telecommunication security; watermarking; embedded watermark; false negative probability; game theory; negative probability; optimal building-embedding-attacking strategy; optimal playing strategies; steganalysis attacks; unintentional attack; unintentional attacks; watermark detection reliability; watermarked multimedia; Bit error rate; Digital watermarking; Error analysis; Game theory; Reliability; Steganography; Watermarking; digital watermarking; false negative probability; game theory; steganalysis attack; watermark capacity (ID#:14-3125)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6880467&isnumber=6880452
  • Xiaoyan Liang; Chunhe Xia; Jian Jiao; Junshun Hu; Xiaojian Li, "Modeling and Global Conflict Analysis Of Firewall Policy," Communications, China, vol. 11, no. 5, pp.124, 135, May 2014. doi: 10.1109/CC.2014.6880468 The global view of firewall policy conflict is important for administrators to optimize the policy. There has been a lack of appropriate firewall policy global conflict analysis; existing methods focus on local conflict detection. We research the global conflict detection algorithm in this paper. We presented a semantic model that captures more complete classifications of the policy using knowledge concept in rough set. Based on this model, we presented the global conflict formal model, and represent it with OBDD (Ordered Binary Decision Diagram). Then we developed GFPCDA (Global Firewall Policy Conflict Detection Algorithm) algorithm to detect global conflict. In experiment, we evaluated the usability of our semantic model by eliminating the false positives and false negatives caused by incomplete policy semantic model, of a classical algorithm. We compared this algorithm with GFPCDA algorithm. The results show that GFPCDA detects conflicts more precisely and independently, and has better performance.
    Keywords: binary decision diagrams; firewalls; pattern classification; rough set theory; GFPCDA algorithm; OBDD; firewall policy classification; firewall policy global conflict analysis; global conflict detection algorithm; global firewall policy conflict detection algorithm; knowledge concept; local conflict detection; ordered binary decision diagram; rough set; semantic model; semantic model usability; Algorithm design and analysis; Analytical models; Classification algorithms; Detection algorithms; Firewalls (computing); Semantics; conflict analysis; conflict detection; firewall policy; semantic model (ID#:14-3126)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6880468&isnumber=6880452
  • Xu Chaofeng; Fan Weimin; Wang Changfeng; Xin Zhanhong, "Risk and Intellectual Property In Technical Standard Competition: A Game Theory Perspective," Communications, China, vol.11, no.5, pp.136,143, May 2014. doi: 10.1109/CC.2014.6880469 Technical standard is typically characterized by network effect. The key point for a technical standard is the consumers' choice, which is based on consumers' maximum benefits. When a technical standard becomes a national standard, its interests have been integrated into the national interests. National interests are divided into economic profits and security factors. From the perspective of consumers' choice, this paper deals with the main factors which affect the result of technical standard competition- the risk and profits of intellectual property based on the assumption of bounded rationality and dynamic game theory.
    Keywords: consumer behaviour; game theory; industrial property; macroeconomics; profitability; risk management; consumer choice; consumer maximum benefits; dynamic game theory; economic profit factor; economic security factor intellectual property profits; intellectual property risk; national interests; network effect; technical standard competition; Analytical models; Computer security; Game theory; Intellectual property; Standards; game theory; intellectual property; risk; standard competition (ID#:14-3127)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6880469&isnumber=6880452
  • Li Chaoling; Chen Yue; Zhou Yanzhou, "A Data Assured Deletion Scheme In Cloud Storage," Communications, China, vol.11, no.4, pp. 98, 110, April 2014. doi: 10.1109/CC.2014.6827572 In order to provide a practicable solution to data confidentiality in cloud storage service, a data assured deletion scheme, which achieves the fine grained access control, hopping and sniffing attacks resistance, data dynamics and deduplication, is proposed. In our scheme, data blocks are encrypted by a two-level encryption approach, in which the control keys are generated from a key derivation tree, encrypted by an All-Or-Nothing algorithm and then distributed into DHT network after being partitioned by secret sharing. This guarantees that only authorized users can recover the control keys and then decrypt the outsourced data in an owner-specified data lifetime. Besides confidentiality, data dynamics and deduplication are also achieved separately by adjustment of key derivation tree and convergent encryption. The analysis and experimental results show that our scheme can satisfy its security goal and perform the assured deletion with low cost.
    Keywords: authorisation; cloud computing; cryptography; storage management; DHT network; all-or-nothing algorithm; cloud storage; convergent encryption; data assured deletion scheme; data confidentiality; data deduplication; data dynamics; fine grained access control; key derivation tree; owner-specified data lifetime; sniffing attack resistance; two-level encryption approach; Artificial neural networks; Encryption; cloud storage; data confidentiality; data dynamics; secure data assured deletion (ID#:14-3128)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6827572&isnumber=6827540
  • Guoyuan Lin; Danru Wang; Yuyu Bie; Min Lei, "MTBAC: A mutual trust based access control model in Cloud computing," Communications, China, vol.11, no.4, pp.154, 162, April 2014. doi: 10.1109/CC.2014.6827577 As a new computing mode, cloud computing can provide users with virtualized and scalable web services, which faced with serious security challenges, however. Access control is one of the most important measures to ensure the security of cloud computing. But applying traditional access control model into the Cloud directly could not solve the uncertainty and vulnerability caused by the open conditions of cloud computing. In cloud computing environment, only when the security and reliability of both interaction parties are ensured, data security can be effectively guaranteed during interactions between users and the Cloud. Therefore, building a mutual trust relationship between users and cloud platform is the key to implement new kinds of access control method in cloud computing environment. Combining with Trust Management (TM), a mutual trust based access control (MTBAC) model is proposed in this paper. MTBAC model takes both user's behavior trust and cloud services node's credibility into consideration. Trust relationships between users and cloud service nodes are established by mutual trust mechanism. Security problems of access control are solved by implementing MTBAC model into cloud computing environment. Simulation experiments show that MTBAC model can guarantee the interaction between users and cloud service nodes.
    Keywords: Web services; authorisation; cloud computing; virtualisation; MTBAC model; cloud computing environment; cloud computing security; cloud service node credibility; data security; mutual trust based access control model; mutual trust mechanism; mutual trust relationship; open conditions; scalable Web services; trust management; user behavior trust; virtualized Web services; Computational modeling; Reliability; Time-frequency analysis; MTBAC; access control; cloud computing; mutual trust mechanism; trust model (ID#:14-3129)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6827577&isnumber=6827540
  • Li Ning; Lin Kanfeng; Lin Wenliang; Deng Zhongliang, "A Joint Encryption And Error Correction Method Used In Satellite Communications," Communications, China, vol.11, no.3, pp.70, 79, March 2014. doi: 10.1109/CC.2014.6825260 Due to the ubiquitous open air links and complex electromagnetic environment in the satellite communications, how to ensure the security and reliability of the information through the satellite communications is an urgent problem. This paper combines the AES (Advanced Encryption Standard) with LDPC (Low Density Parity Check Code) to design a secure and reliable error correction method, SEEC (Satellite Encryption and Error Correction). This method selects the LDPC codes, which is suitable for satellite communications, and uses the AES round key to control the encoding process, at the same time, proposes a new algorithm of round key generation. Based on a fairly good property in error correction in satellite communications, the method improves the security of the system, achieves a shorter key size, and then makes the key management easier. Eventually, the method shows a great error correction capability and encryption effect by the MATLAB simulation.
    Keywords: cryptography; encoding; error correction codes; parity check codes; satellite communication; telecommunication network reliability; telecommunication security; AES; LDPC codes; MATLAB simulation; SEEC; advanced encryption standard; complex electromagnetic environment; encoding process; error correction; low density parity check code; reliability; round key generation; satellite communications; satellite encryption; security; ubiquitous open air links; Encoding; Encryption; Error correction; Parity check codes; Satellite communication; LDPC channel coding; advanced encryption standard; data encryption; error correcting cipher; satellite communications (ID#:14-3130)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6825260&isnumber=6825249
  • Huang Qinlong; Ma Zhaofeng; Yang Yixian; Niu Xinxin; Fu Jingyi, "Improving Security And Efficiency For Encrypted Data Sharing In Online Social Networks," Communications, China, vol. 11, no. 3, pp. 104, 117, March 2014. doi: 10.1109/CC.2014.6825263 Despite that existing data sharing systems in online social networks (OSNs) propose to encrypt data before sharing, the multiparty access control of encrypted data has become a challenging issue. In this paper, we propose a secure data sharing scheme in OSNs based on ciphertext-policy attribute-based proxy re-encryption and secret sharing. In order to protect users' sensitive data, our scheme allows users to customize access policies of their data and then outsource encrypted data to the OSNs service provider. Our scheme presents a multiparty access control model, which enables the disseminator to update the access policy of ciphertext if their attributes satisfy the existing access policy. Further, we present a partial decryption construction in which the computation overhead of user is largely reduced by delegating most of the decryption operations to the OSNs service provider. We also provide checkability on the results returned from the OSNs service provider to guarantee the correctness of partial decrypted ciphertext. Moreover, our scheme presents an efficient attribute revocation method that achieves both forward and backward secrecy. The security and performance analysis results indicate that the proposed scheme is secure and efficient in OSNs.
    Keywords: authorisation; cryptography; social networking (online); attribute based proxy reencryption; ciphertext policy; data security; decryption operations; encrypted data sharing efficiency; multiparty access control model; online social networks; secret sharing; secure data sharing; Access control; Amplitude shift keying; Data sharing; Encryption; Social network services; attribute revocation; attribute-based encryption; data sharing; multiparty access control; online social networks (ID#:14-3131)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6825263&isnumber=6825249
  • Yue Keqiang; Sun Lingling; Qin Xing; Zheng Zhonghua, "Design of Anti-Collision Integrated Security Mechanism Based On Chaotic Sequence In UHF RFID System," Communications, China, vol.11, no.3, pp.137,147, March 2014. doi: 10.1109/CC.2014.6825266 Collision and security issues are considered as barriers to RFID applications. In this paper, a parallelizable anti-collision based on chaotic sequence combined dynamic frame slotted aloha to build a high-efficiency RFID system is proposed. In the tags parallelizable identification, we design a Discrete Markov process to analyze the success identification rate. Then a mutual authentication security protocol merging chaotic anti-collision is presented. The theoretical analysis and simulation results show that the proposed identification scheme has less than 45.1% of the identification time slots compared with the OVSF-system when the length of the chaos sequence is 31. The success identification rate of the proposed chaotic anti-collision can achieve 63% when the number of the tag is 100. We test the energy consumption of the presented authentication protocol, which can simultaneously solve the anti-collision and security of the UHF RFID system.
    Keywords: Markov processes; access protocols; chaotic communication; cryptographic protocols; power consumption; radiofrequency identification; UHF RFID system; anticollision integrated security; chaotic anticollision; chaotic sequence; combined dynamic frame slotted aloha; discrete Markov process; energy consumption; mutual authentication security protocol; parallelizable anticollision; parallelizable identification; success identification rate; Authentication; Chaotic communication; Markov processes; Protocols; Radiofrequency identification; anti-collision; chaotic sequence; discrete Markov process; performance analysis; security (ID#:14-3132)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6825266&isnumber=6825249
  • Zhiming Wang; Jiangxing Wu; Yu Wang; Ning Qi; Julong Lan, "Survivable Virtual Network Mapping Using Optimal Backup Topology In Virtualized SDN," Communications, China, vol.11, no.2, pp.26, 37, Feb 2014. doi: 10.1109/CC.2014.6821735 Software-Defined Network architecture offers network virtualization through a hypervisor plane to share the same physical substrate among multiple virtual networks. However, for this hypervisor plane, how to map a virtual network to the physical substrate while guaranteeing the survivability in the event of failures, is extremely important. In this paper, we present an efficient virtual network mapping approach using optimal backup topology to survive a single link failure with less resource consumption. Firstly, according to whether the path splitting is supported by virtual networks, we propose the OBT-I and OBT-II algorithms respectively to generate an optimal backup topology which minimizes the total amount of bandwidth constraints. Secondly, we propose a Virtual Network Mapping algorithm with coordinated Primary and Backup Topology (VNM-PBT) to make the best of the substrate network resource. The simulation experiments show that our proposed approach can reduce the average resource consumption and execution time cost, while improving the request acceptance ratio of VNs.
    Keywords: software radio; telecommunication network reliability; telecommunication network topology; OBT-I algorithms; OBT-II algorithms; bandwidth constraints; hypervisor plane; multiple virtual networks; optimal backup topology; physical substrate; resource consumption; single link failure; software-defined network architecture; substrate network resource; survivable virtual network mapping; virtualized SDN; Artificial neural networks; Bandwidth; optimization; Switches; Topology; backup sharing; optimal backup topology; path splitting; software-defined network; survivability; virtual network mapping (ID#:14-3133)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6821735&isnumber=6821729
  • Gu Lize; Wang Jingpei; Sun Bin, "Trust Management Mechanism for Internet of Things," Communications, China, vol.11, no.2, pp.148,156, Feb 2014. doi: 10.1109/CC.2014.6821746 Trust management has been proven to be a useful technology for providing security service and as a consequence has been used in many applications such as P2P, Grid, ad hoc network and so on. However, few researches about trust mechanism for Internet of Things (IoT) could be found in the literature, though we argue that considerable necessity is held for applying trust mechanism to IoT. In this paper, we establish a formal trust management control mechanism based on architecture modeling of IoT. We decompose the IoT into three layers, which are sensor layer, core layer and application layer, from aspects of network composition of IoT. Each layer is controlled by trust management for special purpose: self-organized, affective routing and multi-service respectively. And the final decision-making is performed by service requester according to the collected trust information as well as requester's policy. Finally, we use a formal semantics-based and fuzzy set theory to realize all above trust mechanism, the result of which provides a general framework for the development of trust models of IoT.
    Keywords: Internet of Things; ad hoc networks; decision making; fuzzy set theory; peer-to-peer computing; telecommunication network routing; telecommunication security; Internet of Things; IoT; P2P; ad hoc network; application layer; core layer; decision making; formal semantics; formal trust management control; fuzzy set theory; grid; routing; security service; sensor layer; trust management mechanism; Decision making; Internet; Legged locomotion; Multiplexing; Security; Internet of Things; formal semantics; trust decisionmaking; trust management (ID#:14-3134)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6821746&isnumber=6821729
  • Cao Wanpeng; Bi Wei, "Adaptive And Dynamic Mobile Phone Data Encryption Method," Communications, China, vol.11, no.1, pp.103,109, Jan. 2014. doi: 10.1109/CC.2014.6821312 To enhance the security of user data in the clouds, we present an adaptive and dynamic data encryption method to encrypt user data in the mobile phone before it is uploaded. Firstly, the adopted data encryption algorithm is not static and uniform. For each encryption, this algorithm is adaptively and dynamically selected from the algorithm set in the mobile phone encryption system. From the mobile phone's character, the detail encryption algorithm selection strategy is confirmed based on the user's mobile phone hardware information, personalization information and a pseudo-random number. Secondly, the data is rearranged with a randomly selected start position in the data before being encrypted. The start position's randomness makes the mobile phone data encryption safer. Thirdly, the rearranged data is encrypted by the selected algorithm and generated key. Finally, the analysis shows this method possesses the higher security because the more dynamics and randomness are adaptively added into the encryption process.
    Keywords: cloud computing; cryptography; data protection; mobile computing; mobile handsets; random functions; detail encryption algorithm selection strategy; mobile phone data encryption method; mobile phone encryption system; mobile phone hardware information; personalization information; pseudorandom number; user data security; Encryption; Heuristic algorithms; Mobile communication; Mobile handsets; Network security; cloud storage; data encryption; mobile phone; pseudo-random number (ID#:14-3135)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6821312&isnumber=6821299
  • Shang Tao; Pei Hengli; Liu Jianwei, "Secure Network Coding Based On Lattice Signature," Communications, China, vol.11, no.1, pp.138, 151, Jan. 2014. doi: 10.1109/CC.2014.6821316 To provide a high-security guarantee to network coding and lower the computing complexity induced by signature scheme, we take full advantage of homomorphic property to build lattice signature schemes and secure network coding algorithms. Firstly, by means of the distance between the message and its signature in a lattice, we propose a Distance-based Secure Network Coding (DSNC) algorithm and stipulate its security to a new hard problem Fixed Length Vector Problem (FLVP), which is harder than Shortest Vector Problem (SVP) on lattices. Secondly, considering the boundary on the distance between the message and its signature, we further propose an efficient Boundary-based Secure Network Coding (BSNC) algorithm to reduce the computing complexity induced by square calculation in DSNC. Simulation results and security analysis show that the proposed signature schemes have stronger unforgeability due to the natural property of lattices than traditional Rivest-Shamir-Adleman (RSA)-based signature scheme. DSNC algorithm is more secure and BSNC algorithm greatly reduces the time cost on computation.
    Keywords: computational complexity; digital signatures; network coding; telecommunication security; BSNC; DSNC; FLVP; boundary-based secure network coding; computing complexity; distance-based secure network coding; fixed length vector problem; hard problem; high-security guarantee; homomorphic property; lattice signature; signature scheme; Algorithm design and analysis; Cryptography; Lattices; Network coding; Network security; fixed length vector problem; lattice signature; pollution attack; secure network coding (ID#:14-3136)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6821316&isnumber=6821299
